Skip to main content

​
Authentication in Oxy

Oxy supports several authentication methods that can be enabled individually or combined. All methods are configured entirely through environment variables β€” no config files required.

​
Available Methods

Magic Link

Passwordless email sign-in via one-time links delivered through Amazon SES. No passwords to manage.

Google OAuth

Social login with Google accounts. One-click sign-in for users.

Okta OAuth

Enterprise SSO integration with Okta Identity Cloud.

API Keys

Programmatic access for automation and integrations.

​
Quick Configuration

# Magic link (passwordless email)
export MAGIC_LINK_FROM_EMAIL=noreply@yourcompany.com
export AWS_REGION=us-east-1

# Google OAuth
export GOOGLE_CLIENT_ID=your_client_id.apps.googleusercontent.com
export GOOGLE_CLIENT_SECRET=your_client_secret

# Okta OAuth
export OKTA_CLIENT_ID=your_okta_client_id
export OKTA_CLIENT_SECRET=your_okta_client_secret
export OKTA_DOMAIN=your-domain.okta.com

oxy serve

​
Comparison

MethodSetupBest For
Magic Link🟑 Medium (AWS SES)Passwordless access, all team sizes
Google OAuth🟑 MediumSocial login, zero password management
Okta OAuth🟑 MediumEnterprise SSO, existing Okta deployments

​
Multiple Methods

You can enable multiple methods simultaneously. Users will see all available sign-in options and choose their preferred one.

​
Local Development (No Cloud Required)

For local development without any cloud accounts, use magic link’s browser mode: 
export MAGIC_LINK_LOCAL_TEST=1
oxy serve
Sign-in emails open directly in your browser instead of being sent via SES. See the Magic Link guide for details.