Skip to content

Add Github login

You can add Github login to your applications using WSO2 Identity Server and enable users to log in with their Github accounts.

Follow this guide for instructions.

Register WSO2 Identity Server on Github

You need to register WSO2 Identity Server as an OAuth app on GitHub.


You can follow the Github documentation for detailed instructions.

  1. Log in to Github, click your profile icon, and click Settings.
  2. On the left panel of the Settings page, click Developer settings.
  3. Under OAuth apps, click Register a new application.

    Register oauth2 app in Github

  4. Give the application a name and the following URLs:

    • Homepage URL


    • Authorization callback URL


    Enter Github app details

  5. Click Register application.

  6. Generate a new client secret and take note of the Client ID and Client secret.

Register the Github IdP

Now, let's register the Github IdP in WSO2 Identity Server.

  1. On the WSO2 Identity Server Console, go to Connections.
  2. Click New Connections and select Github.
  3. Enter the following details and click Finish:

    Add Github IDP in WSO2 Identity Server

    Parameter Description
    Name A unique name for this Github identity provider.
    Client ID The client ID obtained from Github.
    Client secret The client secret obtained from Github.

  4. If required, you can disable JIT user provisioning.

When a user logs in with an external identity provider using the same email address registered in a local account, JIT-provisioning overrides the attributes of the local account with the attributes received from the external identity provider.

WSO2 Identity Server, by default, disables Just-In-Time (JIT) user provisioning for your external identity provider.

To enable JIT-provisioning,

  1. On the WSO2 Identity Server Console, click Connections and select the relevant connection.

  2. Go to the Just-in-Time Provisioning tab of the selected connection.

  3. Check/Uncheck the Just-in-Time (JIT) User Provisioning checkbox to enable/disable it.

    enable/disable JIT user provisioning

  4. Click Update to save the changes.


After the GitHub identity provider is created, go to the Settings tab and see the list of scopes to which Github has granted permissions.

  • email: Grants read access to a user's primary email address.
  • public_profile: Grants read access to a user's default public profile details.


WSO2 Identity Server needs these scopes to get user information. WSO2 Identity Server checks the attribute configurations of the application and sends the relevant attributes received from Github to the app. You can read the Github Documentation to learn more.

Enable GitHub login

Before you begin

You need to register an application with WSO2 Identity Server. You can register your own application or use one of the sample applications provided.

  1. On the WSO2 Identity Server Console, go to Applications.
  2. Select your application, go to the Login Flow tab and add Github login from your preferred editor:

    1. Click Add Sign In Option to add a new authenticator to the first step.

    2. Select the Github connection.

    3. Click Confirm to add login with Github to the sign-in flow.

      Configuring Github login in WSO2 Identity Server using the Visual Editor


    It is recommended to add your social and enterprise connections to the first authentication step as they are used for identifying the user.

  3. Click Update to save your changes.

Try it out

Follow the steps given below.

  1. Access the application URL.

  2. Click Login to open the WSO2 Identity Server login page.

  3. On the WSO2 Identity Server login page, Sign in with Github.

    Login with Github

  4. Log in to GitHub with an existing user account.


When a user successfully logs in with Github for the first time, a user account is created in the WSO2 Identity Server Console with the Github username. This new user account will be managed by GitHub.

Configure connection

To learn more about other configurations available for the connection, refer to the add federated login documentation.