Add generic OAuth provider

apps/sim/lib/auth.ts

@@ -159,6 +159,8 @@ export const auth = betterAuth({
 
         // Common SSO provider patterns
         ...SSO_TRUSTED_PROVIDERS,
+        // Generic OAuth provider (if configured)
+        ...(env.OAUTH_PROVIDER_ID ? [env.OAUTH_PROVIDER_ID] : []),
       ],
     },
   },
@@ -1584,6 +1586,28 @@ export const auth = betterAuth({
             }
           },
         },
+        // Generic OAuth provider (Auth0, Okta, Keycloak, custom OIDC, etc.)
+        ...(env.OAUTH_CLIENT_ID &&
+        env.OAUTH_CLIENT_SECRET &&
+        env.OAUTH_AUTHORIZATION_URL &&
+        env.OAUTH_TOKEN_URL &&
+        env.OAUTH_USERINFO_URL &&
+        env.OAUTH_PROVIDER_ID
+          ? [
+              {
+                providerId: env.OAUTH_PROVIDER_ID,
+                clientId: env.OAUTH_CLIENT_ID,
+                clientSecret: env.OAUTH_CLIENT_SECRET,
+                authorizationUrl: env.OAUTH_AUTHORIZATION_URL,
+                tokenUrl: env.OAUTH_TOKEN_URL,
+                userInfoUrl: env.OAUTH_USERINFO_URL,
+                scopes: env.OAUTH_SCOPES
+                  ? env.OAUTH_SCOPES.split(' ').filter(Boolean)
+                  : ['openid', 'profile', 'email'],
+                redirectURI: `${getBaseUrl()}/api/auth/oauth2/callback/${env.OAUTH_PROVIDER_ID}`,
+              },
+            ]
+          : []),
       ],
     }),
     // Include SSO plugin when enabled

apps/sim/lib/env.ts

@@ -174,6 +174,13 @@ export const env = createEnv({
     GOOGLE_CLIENT_SECRET:                  z.string().optional(),                  // Google OAuth client secret
     GITHUB_CLIENT_ID:                      z.string().optional(),                  // GitHub OAuth client ID for GitHub integration
     GITHUB_CLIENT_SECRET:                  z.string().optional(),                  // GitHub OAuth client secret
+    OAUTH_CLIENT_ID:                       z.string().optional(),                  // OAuth client ID
+    OAUTH_CLIENT_SECRET:                   z.string().optional(),                  // OAuth client secret
+    OAUTH_AUTHORIZATION_URL:               z.string().optional(),                  // OAuth authorization URL
+    OAUTH_TOKEN_URL:                       z.string().optional(),                  // OAuth token URL
+    OAUTH_USERINFO_URL:                    z.string().optional(),                  // OAuth userinfo URL
+    OAUTH_SCOPES:                          z.string().optional(),                  // OAuth scopes
+    OAUTH_PROVIDER_ID:                     z.string().optional(),                  // OAuth provider ID
     GITHUB_REPO_CLIENT_ID:                 z.string().optional(),                  // GitHub OAuth client ID for repo access
     GITHUB_REPO_CLIENT_SECRET:             z.string().optional(),                  // GitHub OAuth client secret for repo access
     X_CLIENT_ID:                           z.string().optional(),                  // X (Twitter) OAuth client ID

helm/sim/values.schema.json

@@ -151,6 +151,34 @@
               "type": "string",
               "description": "GitHub OAuth client secret"
             },
+            "OAUTH_CLIENT_ID": {
+              "type": "string",
+              "description": "OAuth client ID"
+            },
+            "OAUTH_CLIENT_SECRET": {
+              "type": "string",
+              "description": "OAuth client secret"
+            },
+            "OAUTH_AUTHORIZATION_URL": {
+              "type": "string",
+              "description": "OAuth authorization URL"
+            },
+            "OAUTH_TOKEN_URL": {
+              "type": "string",
+              "description": "OAuth token URL"
+            },
+            "OAUTH_USERINFO_URL": {
+              "type": "string",
+              "description": "OAuth userinfo URL"
+            },
+            "OAUTH_SCOPES": {
+              "type": "string",
+              "description": "OAuth scopes (default: openid profile email)"
+            },
+            "OAUTH_PROVIDER_ID": {
+              "type": "string",
+              "description": "OAuth provider ID"
+            },
             "OPENAI_API_KEY": {
               "type": "string",
               "description": "Primary OpenAI API key"

helm/sim/values.yaml

@@ -84,7 +84,16 @@ app:
     GOOGLE_CLIENT_SECRET: ""                              # Google OAuth client secret
     GITHUB_CLIENT_ID: ""                                  # GitHub OAuth client ID  
     GITHUB_CLIENT_SECRET: ""                              # GitHub OAuth client secret
-
+
+    # Generic OAuth Provider Configuration (for Auth0, Okta, Keycloak, custom OIDC providers, etc.)
+    OAUTH_CLIENT_ID: ""                                   # OAuth client ID for generic OAuth provider
+    OAUTH_CLIENT_SECRET: ""                               # OAuth client secret for generic OAuth provider
+    OAUTH_AUTHORIZATION_URL: ""                           # Authorization endpoint URL (e.g., https://your-domain.auth0.com/authorize)
+    OAUTH_TOKEN_URL: ""                                   # Token endpoint URL (e.g., https://your-domain.auth0.com/oauth/token)
+    OAUTH_USERINFO_URL: ""                                # User info endpoint URL (e.g., https://your-domain.auth0.com/userinfo)
+    OAUTH_SCOPES: "openid profile email"                  # OAuth scopes (default: openid profile email)
+    OAUTH_PROVIDER_ID: ""                                 # Provider identifier for Better Auth's genericOAuth plugin (e.g., auth0, okta, custom)
+
     # AI Provider API Keys (leave empty if not using)
     OPENAI_API_KEY: ""                                    # Primary OpenAI API key
     OPENAI_API_KEY_1: ""                                  # Additional OpenAI API key for load balancing