GitHub
Allow users to sign in with their GitHub account. GitHub OAuth is well-suited for developer tools and platforms where your users are likely to already have a GitHub account.
GitHub Developer Settings Setup
1. Create an OAuth App
Go to github.com/settings/developers and click New OAuth App, or navigate to your organization's Settings if you want the app owned by an org.
Fill in the following fields:
- Application name: A user-visible name shown on the authorization screen
- Homepage URL: Your application's public URL
- Authorization callback URL: The gate callback URL for GitHub:
https://gate.yorauth.com/oauth/github/callback
You can retrieve the exact callback URL for your application from the dashboard API:
curl -X GET "https://api.yorauth.com/api/dashboard/applications/{applicationId}/providers/{providerId}/callback-url" \
-H "Authorization: Bearer your-api-key"
2. Get Your Credentials
After creating the app, GitHub will display your Client ID. Click Generate a new client secret to create a Client Secret. Store this immediately — GitHub will not show it again.
GitHub client secrets are only shown once at creation time. If you lose it, you must generate a new one and update your YorAuth configuration.
Default Scopes
Gate requests the following scopes by default for GitHub:
| Scope | Purpose |
|---|---|
| user:email | Read the user's email addresses |
| read:user | Read the user's profile data |
GitHub does not use OpenID Connect, so there is no openid scope. User identity is established via the GitHub user ID returned by their API.
Configuration in YorAuth
Once you have your Client ID and Client Secret from GitHub, configure the provider for your application:
curl -X POST "https://api.yorauth.com/api/dashboard/applications/{applicationId}/providers/configure" \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '{
"provider_id": "{githubMarketplaceProviderId}",
"configuration_mode": "byoa",
"client_id": "your-github-client-id",
"client_secret": "your-github-client-secret",
"scopes": ["user:email", "read:user"]
}'
To find the marketplace provider ID for GitHub (the provider_id value used in the request above), search the marketplace:
curl "https://api.yorauth.com/api/dashboard/applications/{applicationId}/providers/marketplace?search=github" \
-H "Authorization: Bearer your-api-key"
GitHub-Specific Behavior
No Refresh Tokens
GitHub does not issue refresh tokens for standard OAuth Apps, and GitHub access tokens do not expire by default. YorAuth stores the token, but the expires_at and last_refreshed_at fields are not relevant for GitHub unless you are using GitHub Apps (which use short-lived installation tokens — a different flow not covered here).
Email Visibility
GitHub users can set their email addresses to private. When a user's primary email is private, GitHub will not include it in the user profile response. The user:email scope grants access to the list of verified email addresses so YorAuth can retrieve the primary email even if it is set to private on the user's public profile.
If a user has no verified public email and does not grant user:email, the email field on the connection's provider_user_info will be null.
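The selection described above, as an added example (not YorAuth's own code): it picks the primary verified address from a GitHub /user/emails response and keys the local account on the GitHub user ID rather than on the email. The function names, the "subject" format and the sample data are assumptions constructed for illustration; the response fields (id, login, email, primary, verified, visibility) follow GitHub's REST API.

```python
from typing import Optional

# Constructed sample data in the shape of GitHub's GET /user and
# GET /user/emails responses; all values are made up.
SAMPLE_PROFILE = {"id": 1234567, "login": "octo-dev", "email": None}  # primary email is private
SAMPLE_EMAILS = [
    {"email": "old@example.com", "primary": False, "verified": True, "visibility": None},
    {"email": "typo@example.com", "primary": False, "verified": False, "visibility": None},
    {"email": "octo-dev@example.com", "primary": True, "verified": True, "visibility": "private"},
]


def pick_primary_email(emails: Optional[list]) -> Optional[str]:
    """Return the primary address only if GitHub marks it verified."""
    for entry in emails or []:
        if entry.get("primary") is True and entry.get("verified") is True:
            return entry["email"]
    return None


def resolve_identity(profile: dict, emails: Optional[list]) -> dict:
    """Build a local identity record keyed on the GitHub user ID.

    `emails` is None when the user:email scope was not granted.
    """
    user_id = profile.get("id")
    if not isinstance(user_id, int) or isinstance(user_id, bool):
        raise ValueError("GitHub profile has no numeric id")
    email = pick_primary_email(emails)
    return {
        # Stable key: logins and email addresses can change, the ID does not.
        "subject": f"github:{user_id}",
        "login": profile.get("login"),
        # May be None; an unverified address is never used as a fallback.
        "email": email,
        "email_verified": email is not None,
    }
```

Treat a null email as a normal outcome in your sign-up path and avoid linking accounts across providers on an address that is missing or unverified.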
Organization OAuth Apps vs. GitHub Apps
This integration uses the standard OAuth App flow. If you need fine-grained repository permissions or GitHub Apps-style installation tokens, that requires a different implementation not currently supported by YorAuth's gate.
Testing the Flow
Once configured, generate a test login URL:
curl "https://api.yorauth.com/api/dashboard/applications/{applicationId}/providers/{configId}/test-login-url" \
-H "Authorization: Bearer your-api-key"
Open the returned authorize_url in a browser to verify the GitHub sign-in button appears and the full flow completes.