Compatible with gh-pages sites?

[wireddown]

Does Gatekeeper allow a site hosted via gh-pages to authenticate with the GitHub API?

Update: Yes, this is possible -- see the last comment.

Original question:

From what I've read (see footnotes), I don't believe this is possible. It appears that when GitHub redirects a user back to your site after successful authentication, the server must dynamically combine GitHub's temporary code with your site's OAuth application client ID and secret to retrieve an OAuth token for the user. Such dynamic behavior is not possible with a static Jekyll site like gh-pages.

If, however, your site is hosted by Heroku or Azure, then Gatekeeper can streamline the web application flow for GitHub authentication.

Footnotes

1. GitHub OAuth: Web Application Flow
2. How I Created a Simple DBMS using GitHub, Jekyll, Prose and Heroku
3. Deploying Jekyll on Heroku

[anandthakker]

@wireddown In fact, this is exactly what gatekeeper is for! Check out the Oauth Steps section of the readme. When github redirects back to your gh-pages site, it'll have a ?code= query parameter; using client side javascript, you can grab that code and use it to ask a running gatekeeper instance for a token.

In other words: if you've got an instance of gatekeeper running somewhere (heroku, etc.), then the rest of your site can be all client-side.

[wireddown]

I think I follow now -

1. Client sends user to GitHub
2. User authenticates
3. GitHub redirects back to client
4. Client extracts code from redirect
5. Client uses Gatekeeper instance to retrieve user's OAuth token
6. Client persists user's token in localStorage, or elsewhere

Thanks :-)

[anandthakker]

Yep, that's it!

[wireddown]

For other readers, here is baseline proof-of-concept:

https://github.com/vjeux/GithubLogin