To implement Sign In with GitHub, we'll need to create a GitHub OAuth App. Step-by-step instructions at https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/. The following information is required to register: Client ID and a Client Secret.
With the application in place, we should adhere to the web application flow for authorizing OAuth Apps. Details at https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow
Sign up with GitHub buttons should redirect to https://github.com/login/oauth/authorize with our Client ID (required) and possibly scope=user:email, via GET:
GET
https://github.com/login/oauth/authorize?client_id={{our-client-id}}&scope=user:email
If the user accepts the request, GitHub will redirect them back to our URL with a temporary code as a parameter. The code should be exchanged for an access token via a POST request to GitHub:
POST
https://github.com/login/oauth/access_token?
client_id={{our-client-id}}&
client_secret={{our-client-secret}}&
code={{user-temp-code}}
In response, we should receive an access token. Notes about the form of the response at https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#response. Once we have acquired and stored the token, we can use it to authenticate the user in the Authorization header.
Note: Development and testing would require a different auth strategy via personal access tokens. More on creating those at https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line
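The web application flow described above, as an added Python example (not code from this project). It goes slightly beyond the steps listed: it adds the optional state parameter that GitHub's authorize endpoint accepts, so the callback can be tied to the session that started the login, and it sends client_secret in the POST body rather than the query string. The function names, the session dict and the sample values are assumptions made for illustration.

```python
import hmac, json, secrets
from urllib.parse import urlencode
from urllib.request import Request, urlopen

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"

def begin_login(client_id, session):
    """Build the authorize redirect and bind a one-time state to this session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id, "scope": "user:email",
        "state": session["oauth_state"]})

def check_callback(params, session):
    """Return the temporary code only if state matches what this session sent."""
    expected = session.pop("oauth_state", None)  # single use: a replay fails
    got = params.get("state", "")
    if not expected or not hmac.compare_digest(expected.encode(), got.encode()):
        raise PermissionError("state mismatch: login was not started by this session")
    if "code" not in params:
        raise ValueError(params.get("error", "callback carried no code"))
    return params["code"]

def token_request(client_id, client_secret, code):
    """POST with the secret in the form body so it stays out of URL logs."""
    body = urlencode({"client_id": client_id, "client_secret": client_secret,
                      "code": code}).encode()
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Accept": "application/json"})

def parse_token_response(raw):
    """An error can come back in the response body, so check for 'error'."""
    data = json.loads(raw)
    if "error" in data or "access_token" not in data:
        raise PermissionError(data.get("error", "no access_token in response"))
    return data["access_token"]

def exchange(client_id, client_secret, code, send=urlopen):
    """Run the exchange; `send` is injectable so the flow can be tested offline."""
    with send(token_request(client_id, client_secret, code), timeout=10) as resp:
        return parse_token_response(resp.read())

if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    print(begin_login("our-client-id", session))
    print(check_callback({"code": "user-temp-code", "state": session["oauth_state"]}, session))
    print(parse_token_response('{"access_token": "constructed-token"}'))
```

The Client Secret should come from server-side configuration and never reach the browser; only the Client ID appears in the redirect URL.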