This is a quick guide to OAuth2 support in GitHub for developers. This is still experimental and could change at any moment. This Gist will serve as a living document until it becomes finalized at Develop.GitHub.com.
OAuth2 is a protocol that lets external apps request authorization to private details in your GitHub account without getting your password. All developers need to register their application before getting started.
- Redirect to this link to request GitHub access:
https://github.com/login/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
- If the user accepts your request, GitHub redirects back to your site with
a temporary code in a
code
parameter. Exchange this for an access token:
POST https://github.com/login/oauth/access_token?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect&
client_secret=...&
code=...
RESPONSE:
access_token=...
- You have the access token, so now you can make requests on the user's behalf:
GET https://github.com/api/v2/json/user/show?
access_token=...
Disabled, for now...
Disabled, for now...
- (no scope) - public read-only access (includes user profile info, public repo info, and gists).
user
- DB read/write access to profile info only.public_repo
- DB read/write access, and Git read access to public repos.repo
- DB read/write access, and Git read access to public and private repos.gist
- write access to gists.
Your application can request the scopes in the initial redirection:
https://github.com/login/oauth/authorize?
client_id=...&
scope=user,public_repo&
redirect_uri=http://www.example.com/oauth_redirect
The FormData workaround for
POST to https://github.com/login/oauth/access_token
doesn't seem to be working anymore - still getting a 404 pre-flight response. Any ideas why?