GitHub OAuth2 strategy for Überauth.
-
Setup your application at GitHub Developer.
-
Add
:ueberauth_github
to your list of dependencies inmix.exs
:def deps do [ {:ueberauth_github, "~> 0.8"} ] end
-
Add GitHub to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ github: {Ueberauth.Strategy.Github, []} ]
-
Update your provider configuration:
config :ueberauth, Ueberauth.Strategy.Github.OAuth, client_id: System.get_env("GITHUB_CLIENT_ID"), client_secret: System.get_env("GITHUB_CLIENT_SECRET")
Or, to read the client credentials at runtime:
config :ueberauth, Ueberauth.Strategy.Github.OAuth, client_id: {:system, "GITHUB_CLIENT_ID"}, client_secret: {:system, "GITHUB_CLIENT_SECRET"}
-
Include the Überauth plug in your router:
defmodule MyApp.Router do use MyApp.Web, :router pipeline :browser do plug Ueberauth ... end end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.Auth
andUeberauth.Failure
responses.
For an example implementation see the Überauth Example application.
Depending on the configured url you can initiate the request through:
/auth/github
Or with options:
/auth/github?scope=user,public_repo
By default the requested scope is "user,public\_repo"
. This provides both read
and write access to the GitHub user profile details and public repos. For a
read-only scope, either use "user:email"
or an empty scope ""
. Empty scope
will only request minimum public information which even excludes user's email address
which results in a nil
for email
inside returned %Ueberauth.Auth.Info{}
.
See more at GitHub's OAuth Documentation.
Scope can be configured either explicitly as a scope
query value on the
request path or in your configuration:
config :ueberauth, Ueberauth,
providers: [
github: {Ueberauth.Strategy.Github, [default_scope: "user,public_repo,notifications"]}
]
It is also possible to disable the sending of the redirect_uri
to GitHub.
This is particularly useful when your production application sits behind a
proxy that handles SSL connections. In this case, the redirect_uri
sent by
Ueberauth
will start with http
instead of https
, and if you configured
your GitHub OAuth application's callback URL to use HTTPS, GitHub will throw an
uri_mismatch
error.
To prevent Ueberauth
from sending the redirect_uri
, you should add the
following to your configuration:
config :ueberauth, Ueberauth,
providers: [
github: {Ueberauth.Strategy.Github, [send_redirect_uri: false]}
]
GitHub now allows you to keep your email address private. If you don't mind
that you won't know a users email address you can specify
allow_private_emails
. This will set the users email as
id+username@users.noreply.github.com
.
config :ueberauth, Ueberauth,
providers: [
github: {Ueberauth.Strategy.Github, [allow_private_emails: true]}
]
Copyright (c) 2015 Daniel Neighman
This library is released under the MIT License. See the LICENSE.md file