Because of some security-related limitations, Github prevents you from implementing the OAuth Web Application Flow on a client-side only application.
This is a real bummer. So we built Gatekeeper, which is the missing piece you need in order to make it work.
Gatekeeper works well with Github.js, which helps you accessing the Github API from the browser.
GET http://localhost:9999/authenticate/TEMPORARY_CODE
Also see the documentation on Github.
-
Redirect users to request GitHub access.
GET https://github.com/login/oauth/authorize
-
GitHub redirects back to your site including a temporary code you need for the next step.
You can grab it like so:
var code = window.location.href.match(/\?code=(.*)/)[1];
-
Request the actual token using your instance of Gatekeeper, which knows your
client_secret
.$.getJSON('http://localhost:9999/authenticate/'+code, function(data) { console.log(data.token); });
- Clone it
git clone git@github.com:anvaka/gatekeeper.git
- Install Dependencies
cd gatekeeper && npm install
- Adjust config.json
{
"default" : {
"client_id": "GITHUB_APPLICATION_CLIENT_ID",
"client_secret": "GITHUB_APPLICATION_CLIENT_SECRET"
},
"oauth_host": "github.com",
"oauth_port": 443,
"oauth_path": "/login/oauth/access_token",
"oauth_method": "POST"
}
If you want to support multiple apps (e.g. one for localhost development, one for beta and one for production), you can adjust your config with use case name:
{
"local": {
"client_id": "GITHUB_APPLICATION_LOCAL_CLIENT_ID",
"client_secret": "GITHUB_APPLICATION_LOCAL_CLIENT_SECRET"
},
"beta": {
"client_id": "GITHUB_APPLICATION_BETA_CLIENT_ID",
"client_secret": "GITHUB_APPLICATION_BETA_CLIENT_SECRET"
},
"default" : {
"client_id": "GITHUB_APPLICATION_CLIENT_ID",
"client_secret": "GITHUB_APPLICATION_CLIENT_SECRET"
},
"oauth_host": "github.com",
"oauth_port": 443,
"oauth_path": "/login/oauth/access_token",
"oauth_method": "POST"
}
You can also set environment variables to override the settings if you don't want Git to track your adjusted config.json file:
export BETA='{"client_id": "CLIENT_ID", "client_secret": "CLIENT_SECRET"}'
- Serve it
$ node server.js
- Install heroku CLI. Login to heroku:
heroku login
- Create a new Heroku app
heroku apps:create
- Rename it (optional)
heroku apps:rename NEW_NAME
- Provide OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET:
heroku config:set DEFAULT='{"client_id": "CLIENT_ID", "client_secret": "CLIENT_SECRET"}'
- Push changes to heroku
git push heroku master
- Verify it is working:
curl your_app_name.herokuapp.com/
Should return something like Cannot GET /
To actually trade github code for an access token call:
curl your_app_name.herokuapp.com/authenticate/code
If you want to use a particular use case (e.g. beta), declared in your config:
curl your_app_name.herokuapp.com/authenticate/code?case=beta