GitHub OAuth Busy Developer's Guide
This is a quick guide to OAuth2 support in GitHub for developers. This is still experimental and could change at any moment. This Gist will serve as a living document until it becomes finalized at Develop.GitHub.com.
OAuth2 is a protocol that lets external apps request authorization to private details in your GitHub account without getting your password. All developers need to register their application before getting started.
Web Application Flow
- Redirect to this link to request GitHub access:
https://github.com/login/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
- If the user accepts your request, GitHub redirects back to your site with a temporary code in a `code` parameter. Exchange this for an access token:
POST https://github.com/login/oauth/access_token?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect&
client_secret=...&
code=...
RESPONSE:
access_token=...
- You have the access token, so now you can make requests on the user's behalf:
GET https://github.com/api/v2/json/user/show?
access_token=...
JavaScript Flow
Disabled, for now...
Desktop flow
Disabled, for now...
Scopes
- (no scope) - public read-only access (includes user profile info, public repo info, and gists).
- user - DB read/write access to profile info only.
- public_repo - DB read/write access, and Git read access to public repos.
- repo - DB read/write access, and Git read access to public and private repos.
- gist - write access to gists.
Your application can request the scopes in the initial redirection:
https://github.com/login/oauth/authorize?
client_id=...&
scope=user,public_repo&
redirect_uri=http://www.example.com/oauth_redirect