Add Github login¶
You can add Github login to your applications using WSO2 Identity Server and enable users to log in with their Github accounts.
Follow this guide for instructions.
Register WSO2 Identity Server on Github¶
You need to register WSO2 Identity Server as an OAuth app on GitHub.
Note
You can follow the Github documentation for detailed instructions.
- Log in to Github, click your profile icon, and click Settings.
- On the left panel of the Settings page, click Developer settings.
-
Under OAuth apps, click Register a new application.
-
Give the application a name and the following URLs:
-
Homepage URL
https://localhost:9443 -
Authorization callback URL
https://localhost:9443/commonauth
-
-
Click Register application.
- Generate a new client secret and take note of the Client ID and Client secret.
Register the Github IdP¶
Now, let's register the Github IdP in WSO2 Identity Server.
- On the WSO2 Identity Server Console, go to Connections.
- Click New Connections and select Github.
-
Enter the following details and click Finish:
Parameter Description Name A unique name for this Github identity provider. Client ID The client ID obtained from Github. Client secret The client secret obtained from Github. -
If required, you can disable JIT user provisioning.
When a user logs in with an external identity provider using the same email address registered in a local account, JIT-provisioning overrides the attributes of the local account with the attributes received from the external identity provider.
WSO2 Identity Server, by default, disables Just-In-Time (JIT) user provisioning for your external identity provider.
To enable JIT-provisioning,
-
On the WSO2 Identity Server Console, click Connections and select the relevant connection.
-
Go to the Just-in-Time Provisioning tab of the selected connection.
-
Check/Uncheck the Just-in-Time (JIT) User Provisioning checkbox to enable/disable it.
-
Click Update to save the changes.
Note
-
Learn more about JIT provisioning configurations in configure JIT user provisioning.
-
You can use the identity provider APIs to customize the attribute syncing behavior between the external identity provider and WSO2 Identity Server.
After the GitHub identity provider is created, go to the Settings tab and see the list of scopes to which Github has granted permissions.
- email: Grants read access to a user's primary email address.
- public_profile: Grants read access to a user's default public profile details.
Note
WSO2 Identity Server needs these scopes to get user information. WSO2 Identity Server checks the attribute configurations of the application and sends the relevant attributes received from Github to the app. You can read the Github Documentation to learn more.
Enable GitHub login¶
Before you begin
You need to register an application with WSO2 Identity Server. You can register your own application or use one of the sample applications provided.
- On the WSO2 Identity Server Console, go to Applications.
-
Select your application, go to the Login Flow tab and add Github login from your preferred editor:
-
Click Add Sign In Option to add a new authenticator to the first step.
-
Select the Github connection.
-
Click Confirm to add login with Github to the sign-in flow.
Recommendations
It is recommended to add your social and enterprise connections to the first authentication step as they are used for identifying the user.
-
-
Click Update to save your changes.
Try it out¶
Follow the steps given below.
-
Access the application URL.
-
Click Login to open the WSO2 Identity Server login page.
-
On the WSO2 Identity Server login page, Sign in with Github.
-
Log in to GitHub with an existing user account.
Note
When a user successfully logs in with Github for the first time, a user account is created in the WSO2 Identity Server Console with the Github username. This new user account will be managed by GitHub.
Configure connection¶
To learn more about other configurations available for the connection, refer to the add federated login documentation.