diff --git a/composer.json b/composer.json
index 05b561ca1..53c08b3d2 100644
--- a/composer.json
+++ b/composer.json
@@ -42,7 +42,8 @@
         "symfony/yaml": "^7.3",
         "tempest/highlight": "^2.11.4",
         "vlucas/phpdotenv": "^5.6.1",
-        "voku/portable-ascii": "^2.0.3"
+        "voku/portable-ascii": "^2.0.3",
+        "league/oauth2-client": "^2.8"
     },
     "require-dev": {
         "aws/aws-sdk-php": "^3.338.0",
diff --git a/packages/auth/src/OAuth/BuiltInOAuthProvider.php b/packages/auth/src/OAuth/BuiltInOAuthProvider.php
new file mode 100644
index 000000000..4da838bb3
--- /dev/null
+++ b/packages/auth/src/OAuth/BuiltInOAuthProvider.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth;
+
+use Tempest\Auth\OAuth\Providers\GithubProvider;
+use Tempest\Auth\OAuth\Providers\GoogleProvider;
+use Tempest\Support\IsEnumHelper;
+
+enum BuiltInOAuthProvider: string
+{
+    use IsEnumHelper;
+
+    case GITHUB = 'github';
+    case GOOGLE = 'google';
+
+    /**
+     * @return class-string<OAuthProvider>
+     */
+    public function providerClass(): string
+    {
+        return match ($this) {
+            self::GITHUB => GithubProvider::class,
+            self::GOOGLE => GoogleProvider::class,
+        };
+    }
+
+    public static function fromProviderClass(string $providerClass): ?self
+    {
+        return match ($providerClass) {
+            GithubProvider::class => self::GITHUB,
+            GoogleProvider::class => self::GOOGLE,
+            default => null,
+        };
+    }
+}
diff --git a/packages/auth/src/OAuth/DataObjects/AccessToken.php b/packages/auth/src/OAuth/DataObjects/AccessToken.php
new file mode 100644
index 000000000..1794c4d3d
--- /dev/null
+++ b/packages/auth/src/OAuth/DataObjects/AccessToken.php
@@ -0,0 +1,62 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\DataObjects;
+
+use League\OAuth2\Client\Token\AccessToken as LeagueAccessToken;
+use League\OAuth2\Client\Token\AccessTokenInterface;
+use Tempest\Mapper\MapFrom;
+
+use function Tempest\map;
+
+final readonly class AccessToken
+{
+    public function __construct(
+        #[MapFrom('access_token')]
+        public string $accessToken,
+
+        #[MapFrom('token_type')]
+        public string $tokenType,
+
+        public string $scope,
+
+        #[MapFrom('expires_in')]
+        public ?int $expiresIn = null,
+
+        #[MapFrom('refresh_token')]
+        public ?string $refreshToken = null,
+
+        #[MapFrom('additional_informations')]
+        public ?array $additionalInformations = null,
+    ) {}
+
+    public static function from(array $data): self
+    {
+        return map($data)->to(self::class);
+    }
+
+    public static function fromLeagueAccessToken(AccessTokenInterface $accessToken): self
+    {
+        return new self(
+            accessToken: $accessToken->getToken(),
+            tokenType: $accessToken->getValues()['token_type'] ?? 'Bearer',
+            scope: $accessToken->getValues()['scope'] ?? '',
+            expiresIn: $accessToken->getExpires()
+                ? ($accessToken->getExpires() - time())
+                : null,
+            refreshToken: $accessToken->getRefreshToken(),
+            additionalInformations: $accessToken->getValues() ?: null,
+        );
+    }
+
+    public function toLeagueAccessToken(): LeagueAccessToken
+    {
+        return new LeagueAccessToken([
+            'access_token' => $this->accessToken,
+            'refresh_token' => $this->refreshToken,
+            'expires_in' => $this->expiresIn,
+            ...$this->additionalInformations,
+        ]);
+    }
+}
diff --git a/packages/auth/src/OAuth/DataObjects/OAuthUserData.php b/packages/auth/src/OAuth/DataObjects/OAuthUserData.php
new file mode 100644
index 000000000..c9c7437d6
--- /dev/null
+++ b/packages/auth/src/OAuth/DataObjects/OAuthUserData.php
@@ -0,0 +1,38 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\DataObjects;
+
+use Tempest\Mapper\MapFrom;
+
+use function Tempest\map;
+
+final readonly class OAuthUserData
+{
+    public function __construct(
+        #[MapFrom('ID', 'Id', 'sub', 'user_id')]
+        public int|string|null $id = null,
+
+        #[MapFrom('nickname', 'nick_name', 'login', 'username', 'user_name', 'preferred_username', 'given_name')]
+        public ?string $nickname = null,
+
+        #[MapFrom('name', 'full_name', 'fullName', 'display_name', 'displayName', 'family_name')]
+        public ?string $name = null,
+
+        public ?string $email = null,
+
+        #[MapFrom('avatar', 'avatar_url', 'picture', 'profile_image_url')]
+        public ?string $avatar = null,
+        public array $rawData = [],
+    ) {}
+
+    public static function from(array $rawData): self
+    {
+        return map([
+            'rawData' => $rawData,
+            ...$rawData,
+        ])
+            ->to(self::class);
+    }
+}
diff --git a/packages/auth/src/OAuth/Exceptions/InvalidCodeException.php b/packages/auth/src/OAuth/Exceptions/InvalidCodeException.php
new file mode 100644
index 000000000..cbf0f6f11
--- /dev/null
+++ b/packages/auth/src/OAuth/Exceptions/InvalidCodeException.php
@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Exceptions;
+
+final class InvalidCodeException extends OAuthException
+{
+}
diff --git a/packages/auth/src/OAuth/Exceptions/InvalidStateException.php b/packages/auth/src/OAuth/Exceptions/InvalidStateException.php
new file mode 100644
index 000000000..24264bee7
--- /dev/null
+++ b/packages/auth/src/OAuth/Exceptions/InvalidStateException.php
@@ -0,0 +1,9 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Exceptions;
+
+final class InvalidStateException extends OAuthException
+{
+}
diff --git a/packages/auth/src/OAuth/Exceptions/OAuthException.php b/packages/auth/src/OAuth/Exceptions/OAuthException.php
new file mode 100644
index 000000000..a02ed9106
--- /dev/null
+++ b/packages/auth/src/OAuth/Exceptions/OAuthException.php
@@ -0,0 +1,11 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Exceptions;
+
+use RuntimeException;
+
+class OAuthException extends RuntimeException
+{
+}
diff --git a/packages/auth/src/OAuth/Initializers/BuiltInOAuthProviderInitializer.php b/packages/auth/src/OAuth/Initializers/BuiltInOAuthProviderInitializer.php
new file mode 100644
index 000000000..3a180a6d1
--- /dev/null
+++ b/packages/auth/src/OAuth/Initializers/BuiltInOAuthProviderInitializer.php
@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Initializers;
+
+use Tempest\Auth\OAuth\BuiltInOAuthProvider;
+use Tempest\Auth\OAuth\Exceptions\OAuthException;
+use Tempest\Auth\OAuth\OAuthProvider;
+use Tempest\Auth\OAuth\Providers\GithubProvider;
+use Tempest\Auth\OAuth\Providers\GoogleProvider;
+use Tempest\Container\Container;
+use Tempest\Container\DynamicInitializer;
+use Tempest\Http\Session\Session;
+use Tempest\Reflection\ClassReflector;
+use TypeError;
+use UnitEnum;
+
+use function \Tempest\env;
+
+final class BuiltInOAuthProviderInitializer implements DynamicInitializer
+{
+    public function canInitialize(ClassReflector $class, UnitEnum|string|null $tag): bool
+    {
+        return ($class->implements(OAuthProvider::class) || $class->is(OAuthProvider::class)) && $tag === 'from_env_variables';
+    }
+
+    public function initialize(ClassReflector $class, UnitEnum|string|null $tag, Container $container): OAuthProvider
+    {
+        try {
+            $providerType = BuiltInOAuthProvider::fromProviderClass($class->getName()) ??
+            throw new OAuthException(sprintf('No built-in OAuth2 provider found for class: "%s"', $class->getName()));
+
+            return match ($providerType) {
+                BuiltInOAuthProvider::GOOGLE => new GoogleProvider(
+                    session: $container->get(Session::class),
+                )->configure(
+                    clientId: env('GOOGLE_CLIENT_ID'),
+                    clientSecret: env('GOOGLE_CLIENT_SECRET'),
+                    redirectUri: env('GOOGLE_REDIRECT_URI'),
+                ),
+                BuiltInOAuthProvider::GITHUB => new GithubProvider(
+                    session: $container->get(Session::class),
+                )->configure(
+                    clientId: env('GITHUB_CLIENT_ID'),
+                    clientSecret: env('GITHUB_CLIENT_SECRET'),
+                    redirectUri: env('GITHUB_REDIRECT_URI'),
+                ),
+                default => throw new OAuthException(sprintf('Cannot initialize "%s" built-in OAuth2 provider', $providerType->name)),
+            };
+        } catch (TypeError $exception) {
+            throw new OAuthException(
+                sprintf('Failed to initialize OAuth2 provider for "%s". Ensure that the environment variables are set correctly.', $class->getName()),
+                previous: $exception,
+            );
+        }
+    }
+}
diff --git a/packages/auth/src/OAuth/IsOauthProvider.php b/packages/auth/src/OAuth/IsOauthProvider.php
new file mode 100644
index 000000000..6b56c9a07
--- /dev/null
+++ b/packages/auth/src/OAuth/IsOauthProvider.php
@@ -0,0 +1,138 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth;
+
+use GuzzleHttp\Exception\GuzzleException;
+use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
+use League\OAuth2\Client\Provider\GenericProvider;
+use Tempest\Auth\OAuth\DataObjects\AccessToken;
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+use Tempest\Auth\OAuth\Exceptions\OAuthException;
+use Tempest\Http\Session\Session;
+
+use function Tempest\Support\str;
+
+trait IsOauthProvider
+{
+    // TODO : Should be #[Inject] property, but can't resolve chain in Initializers yet
+    public function __construct(
+        private readonly Session $session,
+    ) {}
+
+    private GenericProvider $internalProvider;
+
+    public protected(set) string $clientId;
+    public protected(set) string $clientSecret;
+    public protected(set) string $redirectUri;
+    public protected(set) array $defaultScopes;
+    public protected(set) string $authorizeEndpoint;
+    public protected(set) string $accessTokenEndpoint;
+    public protected(set) string $userDataEndpoint;
+    public protected(set) string $stateSessionSlug;
+
+    /**
+     * @param array<string> $defaultScopes
+     */
+    protected function configureInternalProvider(
+        string $clientId,
+        string $clientSecret,
+        string $redirectUri,
+        array $defaultScopes,
+        string $authorizeEndpoint,
+        string $accessTokenEndpoint,
+        string $userDataEndpoint,
+        string $stateSessionSlug = 'oauth-state',
+    ): static {
+        $this->clientId = $clientId;
+        $this->clientSecret = $clientSecret;
+        $this->redirectUri = $redirectUri;
+        $this->defaultScopes = $defaultScopes;
+        $this->authorizeEndpoint = $authorizeEndpoint;
+        $this->accessTokenEndpoint = $accessTokenEndpoint;
+        $this->userDataEndpoint = $userDataEndpoint;
+        $this->stateSessionSlug = $stateSessionSlug;
+
+        $this->internalProvider = new GenericProvider([
+            'clientId' => $this->clientId,
+            'clientSecret' => $this->clientSecret,
+            'redirectUri' => $this->redirectUri,
+            'urlAuthorize' => $this->authorizeEndpoint,
+            'urlAccessToken' => $this->accessTokenEndpoint,
+            'urlResourceOwnerDetails' => $this->userDataEndpoint,
+        ]);
+
+        return $this;
+    }
+
+    /**
+     * @param array<string, mixed>|null $additionalParameters Additional parameters to include in the authorization URL.
+     * @param array<string>|null $scopes Scopes to request. If null, the default scopes will be used.
+     * @param string|null $state A state parameter to include in the authorization URL. If null, a random state will be generated.
+     */
+    public function generateAuthorizationUrl(
+        array $additionalParameters = [],
+        ?array $scopes = null,
+        ?string $state = null,
+        ?string $scopeSeparator = ' ',
+    ): string {
+        $scopes ??= $this->defaultScopes;
+        $state ??= $this->generateState();
+
+        $this->session->flash($this->stateSessionSlug, $state);
+
+        return $this->internalProvider->getAuthorizationUrl([
+            'scope' => implode($scopeSeparator, $scopes),
+            'state' => $state,
+            ...$additionalParameters,
+        ]);
+    }
+
+    /**
+     * @param array<string, mixed>|null $additionalParameters Additional parameters to include in the request.
+     */
+    public function generateAccessToken(
+        string $code,
+        array $additionalParameters = [],
+    ): AccessToken {
+        try {
+            $token = $this->internalProvider->getAccessToken(
+                grant: 'authorization_code',
+                options: [
+                    'code' => $code,
+                    ...$additionalParameters,
+                ],
+            );
+
+            return AccessToken::fromLeagueAccessToken($token);
+        } catch (GuzzleException|IdentityProviderException $e) {
+            throw new OAuthException('Failed to get access token: ' . $e->getMessage(), previous: $e);
+        }
+    }
+
+    public function fetchUserDataFromToken(
+        AccessToken $accessToken,
+    ): OAuthUserData {
+        try {
+            return $this->createUserDataFromResponse(
+                $this->internalProvider->getResourceOwner($accessToken->toLeagueAccessToken())->toArray(),
+            );
+        } catch (GuzzleException|IdentityProviderException $e) {
+            throw new OAuthException('Failed to get user data: ' . $e->getMessage(), previous: $e);
+        }
+    }
+
+    protected function generateState(): string
+    {
+        return str()->random(40)->toString();
+    }
+
+    /**
+     * @param array<string, mixed> $userData The raw user data array returned by the OAuth provider.
+     */
+    protected function createUserDataFromResponse(array $userData): OAuthUserData
+    {
+        return OAuthUserData::from($userData);
+    }
+}
diff --git a/packages/auth/src/OAuth/OAuthProvider.php b/packages/auth/src/OAuth/OAuthProvider.php
new file mode 100644
index 000000000..63692c537
--- /dev/null
+++ b/packages/auth/src/OAuth/OAuthProvider.php
@@ -0,0 +1,66 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth;
+
+use Tempest\Auth\OAuth\DataObjects\AccessToken;
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+
+interface OAuthProvider
+{
+    /**
+     * @var array<string> The default scopes for the OAuth2 provider.
+     */
+    public array $defaultScopes {
+        get;
+    }
+
+    /**
+     * @var string The URL to redirect the user for authorization.
+     */
+    public string $authorizeEndpoint {
+        get;
+    }
+
+    /**
+     * @var string The URL to exchange the authorization code for an access token.
+     */
+    public string $accessTokenEndpoint {
+        get;
+    }
+
+    /**
+     * @var string The URL to fetch user data after authorization.
+     */
+    public string $userDataEndpoint {
+        get;
+    }
+
+    /**
+     * @param array<string, mixed>|null $additionalParameters Additional parameters to include in the authorization URL.
+     * @param array<string>|null $scopes Scopes to request. If null, the default scopes will be used.
+     * @param string|null $state A state parameter to include in the authorization URL. If null, a random state will be generated.
+     */
+    public function generateAuthorizationUrl(
+        array $additionalParameters = [],
+        ?array $scopes = null,
+        ?string $state = null,
+        ?string $scopeSeparator = ' ',
+    ): string;
+
+    /**
+     * @param array<string, mixed>|null $additionalParameters Additional parameters to include in the request.
+     */
+    public function generateAccessToken(
+        string $code,
+        array $additionalParameters = [],
+    ): AccessToken;
+
+    /*
+     * Fetches user data from the OAuth2 provider using the provided access token.
+     */
+    public function fetchUserDataFromToken(
+        AccessToken $accessToken,
+    ): OAuthUserData;
+}
diff --git a/packages/auth/src/OAuth/Providers/GenericProvider.php b/packages/auth/src/OAuth/Providers/GenericProvider.php
new file mode 100644
index 000000000..fe79f210f
--- /dev/null
+++ b/packages/auth/src/OAuth/Providers/GenericProvider.php
@@ -0,0 +1,37 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Providers;
+
+use Tempest\Auth\OAuth\IsOauthProvider;
+
+class GenericProvider
+{
+    use IsOauthProvider;
+
+    /**
+     * @param array<string> $defaultScopes
+     */
+    public function configure(
+        string $clientId,
+        string $clientSecret,
+        string $redirectUri,
+        array $defaultScopes,
+        string $authorizeEndpoint,
+        string $accessTokenEndpoint,
+        string $userDataEndpoint,
+        string $stateSessionSlug = 'oauth-state',
+    ): self {
+        return $this->configureInternalProvider(
+            clientId: $clientId,
+            clientSecret: $clientSecret,
+            redirectUri: $redirectUri,
+            defaultScopes: $defaultScopes,
+            authorizeEndpoint: $authorizeEndpoint,
+            accessTokenEndpoint: $accessTokenEndpoint,
+            userDataEndpoint: $userDataEndpoint,
+            stateSessionSlug: $stateSessionSlug,
+        );
+    }
+}
diff --git a/packages/auth/src/OAuth/Providers/GithubProvider.php b/packages/auth/src/OAuth/Providers/GithubProvider.php
new file mode 100644
index 000000000..a2ddaaa62
--- /dev/null
+++ b/packages/auth/src/OAuth/Providers/GithubProvider.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Providers;
+
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+use Tempest\Auth\OAuth\IsOauthProvider;
+use Tempest\Auth\OAuth\OAuthProvider;
+
+final class GithubProvider implements OAuthProvider
+{
+    use IsOauthProvider;
+
+    public function configure(
+        string $clientId,
+        string $clientSecret,
+        string $redirectUri,
+        ?array $defaultScopes = null,
+        string $stateSessionSlug = 'oauth-state',
+    ): self {
+        $this->defaultScopes = $defaultScopes ??= ['user:email'];
+        $this->authorizeEndpoint = 'https://github.com/login/oauth/authorize';
+        $this->accessTokenEndpoint = 'https://github.com/login/oauth/access_token';
+        $this->userDataEndpoint = 'https://api.github.com/user';
+
+        return $this->configureInternalProvider(
+            clientId: $clientId,
+            clientSecret: $clientSecret,
+            defaultScopes: $defaultScopes,
+            redirectUri: $redirectUri,
+            authorizeEndpoint: $this->authorizeEndpoint,
+            accessTokenEndpoint: $this->accessTokenEndpoint,
+            userDataEndpoint: $this->userDataEndpoint,
+            stateSessionSlug: $stateSessionSlug,
+        );
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function createUserDataFromResponse(array $userData): OAuthUserData
+    {
+        return new OAuthUserData(
+            id: $userData['id'] ?? null,
+            nickname: $userData['login'] ?? null,
+            name: $userData['name'] ?? null,
+            email: $userData['email'] ?? null,
+            avatar: $userData['avatar_url'] ?? null,
+            rawData: $userData,
+        );
+    }
+}
diff --git a/packages/auth/src/OAuth/Providers/GoogleProvider.php b/packages/auth/src/OAuth/Providers/GoogleProvider.php
new file mode 100644
index 000000000..4d5c8d11d
--- /dev/null
+++ b/packages/auth/src/OAuth/Providers/GoogleProvider.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tempest\Auth\OAuth\Providers;
+
+use Tempest\Auth\OAuth\DataObjects\OAuthUserData;
+use Tempest\Auth\OAuth\IsOauthProvider;
+use Tempest\Auth\OAuth\OAuthProvider;
+
+final class GoogleProvider implements OAuthProvider
+{
+    use IsOauthProvider;
+
+    public function configure(
+        string $clientId,
+        string $clientSecret,
+        string $redirectUri,
+        ?array $defaultScopes = null,
+        string $stateSessionSlug = 'oauth-state',
+    ): self {
+        $this->defaultScopes = $defaultScopes ??= ['openid', 'email', 'profile'];
+        $this->authorizeEndpoint = 'https://accounts.google.com/o/oauth2/v2/auth';
+        $this->accessTokenEndpoint = 'https://oauth2.googleapis.com/token';
+        $this->userDataEndpoint = 'https://openidconnect.googleapis.com/v1/userinfo';
+
+        return $this->configureInternalProvider(
+            clientId: $clientId,
+            clientSecret: $clientSecret,
+            defaultScopes: $defaultScopes,
+            redirectUri: $redirectUri,
+            authorizeEndpoint: $this->authorizeEndpoint,
+            accessTokenEndpoint: $this->accessTokenEndpoint,
+            userDataEndpoint: $this->userDataEndpoint,
+            stateSessionSlug: $stateSessionSlug,
+        );
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function createUserDataFromResponse(array $userData): OAuthUserData
+    {
+        return new OAuthUserData(
+            id: $userData['sub'] ?? null,
+            nickname: $userData['given_name'] ?? null,
+            name: $userData['family_name'] ?? null,
+            email: $userData['email'] ?? null,
+            avatar: $userData['picture'] ?? null,
+            rawData: $userData,
+        );
+    }
+}
diff --git a/tests/Fixtures/Modules/Form/form.view.php b/tests/Fixtures/Modules/Form/form.view.php
index 682652896..36e2c986f 100644
--- a/tests/Fixtures/Modules/Form/form.view.php
+++ b/tests/Fixtures/Modules/Form/form.view.php
@@ -11,6 +11,7 @@
 
 <x-base title="Form">
 <!--    --><?php //if ($this->hasErrors()) {
+
 ?>
 <!--        ERROR!-->
 <!--    --><?php //}