Skip to content

octocus/github-oauth-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.do
.do
 
 
.github/workflows
.github/workflows
 
 
.mvn/wrapper
.mvn/wrapper
 
 
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Github-OAuth-Proxy

Hosting your own GitHub OAuth /access_token endpoint for your Single Page Application (SPA) to exchange the code for an access_token.

Why needed?

GitHub currently does not support exchanging the code for an access token from a browser.

This means that if you are developing an SPA which purely runs on browser (no backend), you will get CORS error when requesting POST https://github.com/login/oauth/access_token (as documented in their doc) from a browser. It is also not a good idea to store client_secret on the client side.

This project solves the aforementioned problem by building a thin proxy between your SPA and GitHub's /login/oauth/access_token endpoint, where

  • CORS is supported. (Access-Control-Allow-* headers are set properly.)
  • Clients do not need to provide client_id and client_secret in their requests.

API

HTTP payload

After a user is redirected back to your site by GitHub successfully, instead of requesting GitHub according to "Step 2", request the API of this service like below.

POST ${YOUR_HOST_NAME}/access_token?code=${oauthCode}

The response payload is expected to be the same as what is returned from GitHub.

axis

const params = new URLSearchParams();
params.append('code', oauthCode);
return await axios.post(`${YOUR_HOST_NAME}/access_token`, params, {
  headers: {
    'Accept': 'application/json'
  }
});

Deployment

Docker

docker run -d \
  -e GITHUB_CLIENT_ID="${GITHUB_CLIENT_ID}" \
  -e GITHUB_CLIENT_SECRET="${GITHUB_CLIENT_SECRET}" \
  -p 8080:8080 \
  zetaplusae/github-oauth-proxy

DigitalOcean

Deploy to DigitalOcean

Note:

Do not forget to edit and provide the following Environment Variables for the web service on the second step:

  • GITHUB_CLIENT_ID
  • GITHUB_CLIENT_SECRET

Other configurations

You can also customize the service by providing the environment variables listed below.

Env Name Required Default Description
GITHUB_CLIENT_ID YES N/A The client_id of your OAuth application registered on GitHub. (See: Creating an OAuth App)
GITHUB_CLIENT_SECRET YES N/A The client_secret of your OAuth application registered on GitHub. (See: Creating an OAuth App)
GITHUB_ACCESS_TOKEN_URL NO https://github.com/login/oauth/access_token The URL endpoint to exchange a code for an access token.
HTTP_PORT NO 8080 The port of the HTTP Server inside the container.
ACCESS_TOKEN_PATH NO /access_token The path that serves the request.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages