Research/Outline Sign In with GitHub API

[partiallymisplaced]

To implement Sign In with GitHub, we'll need to create a GitHub OAuth App. Step-by-step instructions at https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/. The following information is required to register:

• Application name
• Homepage URL
• Application description (optional)
• Callback URL A logo can be added afterwards. We will be issued a Client ID and a Client Secret.

With the application in place, we should adhere to the web application flow for authorizing OAuth Apps. Details at https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow

• Sign up with GitHub buttons should redirect to https://github.com/login/oauth/authorize with our Client ID, (required), and possibly, scope=user:email via GET

  GET 
  https://github.com/login/oauth/authorize?client_id={{our-client-id}}&scope=user:email`

  More info and additional scopes at `https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps

• If the user accepts the request, GitHub will redirect them back to our URL with a temporary code as a parameter. The code should be exchanged for an access token via a post request to the GitHub via POST

  POST 
  https://github.com/login/oauth/access_token?
  client_id={{our-client-id}}&
  client_secret={{our-client-secret}}&
  code={{user-temp-code}}

• In response, we should receive an access token. Notes about the form of the response at https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#response. Once we have acquired and stored the token, we can use it to authenticate the user in the authorization header.

If the user does not accept the request, GitHub will send a callback with an error. More info at https://developer.github.com/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/

Note: Development and testing would require a different auth strategy via personal access tokens. More on creating those at https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line

[nurmerey]

This task is already completed by @partiallymisplaced