This is a quick guide to OAuth2 support in GitHub for developers. This is still experimental and could change at any moment. This Gist will serve as a living document until it becomes finalized at Develop.GitHub.com.
OAuth2 is a protocol that lets external apps request authorization to private details in your GitHub account without getting your password. All developers need to register their application before getting started.
- Redirect to this link to request GitHub access:
https://github.com/login/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
- If the user accepts your request, GitHub redirects back to your site with
a temporary code in a
code
parameter. Exchange this for an access token:
POST https://github.com/login/oauth/access_token?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect&
client_secret=...&
code=...
RESPONSE:
access_token=...
- You have the access token, so now you can make requests on the user's behalf:
GET https://github.com/api/v2/json/user/show?
access_token=...
This is similar to the Web Application flow, but designed for javascript/ajax applications. The main difference is there is no temporary code used. The access token is included in the redirection from GitHub in a URI fragment.
- Redirect to this link to request GitHub access (node the use of the
type
parameter):
https://github.com/login/oauth/authorize?
client_id=...&
type=user_agent&
redirect_uri=http://www.example.com/oauth_redirect
- If the user accepts your request, GitHub redirects back to your site with
the access_code in a URI fragment. Given the example above, GitHub will
redirect to:
http://www.example.com/oauth_redirect#access_token...
coming soon... (I'd love to work closely with a desktop app developer on this).
- (no scope) - public read-only access.
user
- DB read/write access to profile info only.public_repos
- DB read/write access, and Git read access to public repos (not implemented yet).repos
- DB read/write access, and Git read access to public and private repos (not implemented yet).gists
- read/write access to public and private gists (not implemented yet).
Your application can request the scopes in the initial redirection:
https://github.com/login/oauth/authorize?
client_id=...&
scope=user,public_repos&
redirect_uri=http://www.example.com/oauth_redirect