
Getting started with Sign in with Vercel using a coding agent

Last updated February 24, 2026

If you use a coding agent like Claude Code, Cursor, or Cline, you can scaffold the full Sign in with Vercel OAuth flow with a single prompt instead of writing each route and component by hand.

For step-by-step manual setup, see the manual quickstart.

Complete these steps in the Vercel dashboard before prompting your agent:

  1. Create an App from the dashboard
  2. Generate a client secret
  3. Set the authorization callback URL to http://localhost:3000/api/auth/callback for local development
  4. Configure the permissions your app needs

Add your credentials to .env.local:

.env.local
NEXT_PUBLIC_VERCEL_APP_CLIENT_ID="your-client-id"
VERCEL_APP_CLIENT_SECRET="your-client-secret"

Prompt your agent to create the full sign-in flow:

Prompt
Add Sign in with Vercel to this Next.js App Router project.

- My client ID and secret are in .env.local as
  NEXT_PUBLIC_VERCEL_APP_CLIENT_ID and VERCEL_APP_CLIENT_SECRET
- Create these API routes:
  - app/api/auth/authorize (redirect to Vercel OAuth with PKCE)
  - app/api/auth/callback (exchange code for tokens, set cookies)
  - app/api/auth/signout (revoke token, clear cookies)
- Create a profile page at app/profile that fetches user info
  from https://api.vercel.com/login/oauth/userinfo
- Create SignInWithVercel and SignOut button components
- Use secure cookie settings (httpOnly, sameSite: lax, secure only
  in production)
- Use PKCE with S256 code challenge
- Include state and nonce parameters for CSRF and replay protection

Your agent will create the route handlers, components, and profile page.

| Detail | Value |
| --- | --- |
| Authorization URL | https://vercel.com/oauth/authorize |
| Token exchange | POST https://api.vercel.com/login/oauth/token |
| Token revocation | POST https://api.vercel.com/login/oauth/token/revoke |
| User info | GET https://api.vercel.com/login/oauth/userinfo |
| Token introspection | POST https://api.vercel.com/login/oauth/token/introspect |
| Recommended scopes | openid email profile offline_access (openid is required, others are optional) |
| PKCE method | S256 |
| Callback URL format | {origin}/api/auth/callback |
| Client ID env var | NEXT_PUBLIC_VERCEL_APP_CLIENT_ID |
| Client secret env var | VERCEL_APP_CLIENT_SECRET |
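
A reference to review the agent-generated authorize and callback routes against, added here as an example and not code from Vercel or from any agent's output. The function names are hypothetical, and the query parameter names are the standard OAuth 2.0, OpenID Connect, and RFC 7636 ones, assumed to be what the Authorization URL listed above accepts.

```javascript
// Added example, not Vercel's code: what the generated routes should compute.
const { createHash, randomBytes, timingSafeEqual } = require("node:crypto");

const AUTHORIZE_URL = "https://vercel.com/oauth/authorize"; // from the page
const b64url = (buf) => buf.toString("base64url");

// RFC 7636 S256: challenge = BASE64URL(SHA-256(ASCII(verifier)))
function s256Challenge(verifier) {
  return b64url(createHash("sha256").update(verifier, "ascii").digest());
}

// What /api/auth/authorize has to produce: fresh random values for every
// login attempt. `pending` stays server-side (httpOnly cookies); only the
// hashed challenge, never the verifier, goes into the redirect URL.
function buildAuthorizeRequest(clientId, origin) {
  const pending = {
    state: b64url(randomBytes(32)),
    nonce: b64url(randomBytes(32)),
    codeVerifier: b64url(randomBytes(32)), // 43 chars, the RFC 7636 minimum
  };
  const url = new URL(AUTHORIZE_URL);
  // Assumption: standard OAuth 2.0 / OIDC parameter names.
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: `${origin}/api/auth/callback`,
    scope: "openid email profile offline_access",
    state: pending.state,
    nonce: pending.nonce,
    code_challenge: s256Challenge(pending.codeVerifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), pending };
}

// What /api/auth/callback has to check before exchanging the code:
// the returned state must equal the stored one (constant-time compare),
// and a missing value on either side is a rejection, not a pass.
function stateMatches(returnedState, storedState) {
  if (typeof returnedState !== "string" || typeof storedState !== "string") {
    return false;
  }
  const a = Buffer.from(returnedState);
  const b = Buffer.from(storedState);
  return a.length === b.length && timingSafeEqual(a, b);
}
```

When reading the generated callback route, confirm it rejects the request when `stateMatches` would return false and that it sends the stored verifier, not the challenge, in the token exchange.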
