Skip to content

OAuth Login

kendo supports signing in with Google or GitHub. You can use OAuth as your primary login method, link multiple providers for convenience, or combine OAuth with a traditional password.

1. Sign In with OAuth

On the login page, click Continue with Google or Continue with GitHub below the email/password form. You'll be redirected to the provider to authorize access, then returned to kendo and logged in automatically.

INFO

OAuth login requires a linked account. If you haven't linked a provider yet, you'll see an error asking you to link your account from profile settings first. To get started, sign in with your email and password, then link a provider from your profile.

2. Accept an Invite with OAuth

When you receive an invitation email, the invite page offers both options:

  • Set a password — Traditional account setup
  • Continue with Google/GitHub — Create your account using OAuth (no password needed)

If you choose OAuth, your account is activated and linked to the provider automatically. You can always set a password later from your profile settings.

3. Manage Connected Accounts

After logging in, go to your Profile page. The Connected Accounts section shows all available providers:

  • Linked providers — Shows the connected email and an Unlink button
  • Unlinked providers — Shows a Link button that opens a popup to authorize the provider

Linking a Provider

Click Link next to the provider. A popup opens for authorization. After approving, the popup closes and your profile updates automatically.

Unlinking a Provider

Click Unlink next to a connected provider, then confirm. The provider is removed from your account.

WARNING

You cannot unlink your last authentication method. If you signed up via OAuth and haven't set a password, the unlink button is disabled. Set a password first, then you can unlink the provider.

4. Set a Password (OAuth-Only Users)

If you created your account through OAuth, you won't have a password. Your profile shows Set Password instead of Change Password.

Setting a password gives you an additional login method and allows you to unlink OAuth providers if needed. Password requirements:

  • Minimum 8 characters
  • Must include letters, mixed case, numbers, and symbols

How It Works

kendo uses a redirect-based OAuth flow:

  1. Redirect — kendo redirects your browser to the OAuth provider
  2. Authorize — You approve access at the provider (Google, GitHub)
  3. Callback — The provider redirects back to kendo with an authorization code
  4. Session — kendo exchanges the code, verifies your identity, and logs you in

For account linking (from profile settings), the flow uses a popup window instead of a full-page redirect, so you stay on the profile page.

TIP

OAuth login is independent from the GitHub integration for repository linking. They use separate connections — linking GitHub for login does not grant kendo access to your repositories, and vice versa.

Central Admin: Two-Factor Authentication

Platform administrators who sign in to the central admin area (central.kendo.dev) can add a time-based one-time password (TOTP) second factor to their account. Two-factor authentication is opt-in — an administrator who hasn't enabled it signs in exactly as before.

Enable 2FA

From your central Profile page, under Security:

  1. Click Enable 2FA and confirm your password.
  2. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.), or enter the shown key manually.
  3. Enter the 6-digit code from your app to confirm.
  4. Save the recovery codes that appear — each can be used once if you lose access to your authenticator. Click I've saved these codes to finish.

Sign in with 2FA

After 2FA is enabled, signing in becomes two steps: enter your email and password as usual, then, on the challenge screen, enter the current 6-digit code from your authenticator app. You can switch to Use a recovery code if your device is unavailable.

WARNING

Each recovery code works only once. After using one, generate a fresh set from your profile with Regenerate Recovery Codes (this invalidates the previous set).

Manage or disable 2FA

From the Security section of your profile you can Regenerate Recovery Codes or Disable 2FA — both require re-entering your password. Disabling 2FA removes the challenge from your next sign-in.

See Also