Registering OAuth with GitHub

Here is how you set up the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET credentials that you need when using GitHub as an OAuth provider.

Navigate to the Developer Settings, OAuth Applications

We have to register our application with GitHub so that we can use GitHub as an OAuth provider. To get to the necessary spot on GitHub, do this:

  1. Choose Settings from the drop-down menu in the upper right, next to your personal avatar.

  2. Find the Developer Menu, which is pretty far down the page on the left-hand side. Find OAuth Apps on that menu.

  3. Click the “Register a New Application” button.

Then follow the pictures below:

Extra Explanation of Above

The Application Name can be anything; it's just the name for the application displayed in GitHub.

The Homepage URL must match your Heroku URL.

The Authorization callback URL is the URL that the user gets redirected to after GitHub has authorized them. We redirect them to our link with the suffix /login/authorized because in our code, we will add a handler at the /login/authorized path to check if the user actually got logged in (and to handle anything else necessary, e.g. to check if the user is a part of a specific organization). More on this in the next lesson.

Think of the Client ID and Client Secret as a username and password, generated by GitHub. GitHub uses these to know which application is requesting its OAuth.

If you haven't deployed your project to Heroku yet (which is fine), then just put placeholder values for Homepage URL and Authorization callback URL for now (make sure to update them later though, once you've deployed it to Heroku and have your URL!!).

You should keep this tab open, as you'll need it later.


Note: Do Not Hardcode the Client ID and Client Secret in your code! Putting your Client ID and Client Secret in your code, which is pushed to GitHub, is like putting a username and password online for everyone to read. It'll compromise the security of your application! We'll go into more detail about this later, and show you what to do instead of hardcoding them into your code.
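As an added example (not code from this lesson or the course project), here is one way to keep both values out of source control and tie them to the /login/authorized callback described above. It assumes the credentials are supplied as environment variables named GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET; the function names and the Heroku hostname are hypothetical.

```python
import hmac
import os
import secrets
from urllib.parse import urlencode, urljoin

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CALLBACK_PATH = "/login/authorized"  # must match the registered callback URL


def load_github_credentials(env=os.environ):
    """Read both credentials from the environment; refuse to run without them."""
    creds = {}
    for name in ("GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"):
        value = (env.get(name) or "").strip()
        if not value:
            raise RuntimeError(f"{name} is not set; supply it via the environment")
        creds[name] = value
    return creds


def build_authorize_url(creds, homepage_url):
    """Return (url, state). Only the Client ID goes in the URL, never the secret."""
    state = secrets.token_urlsafe(32)  # keep this in the user's session
    params = {
        "client_id": creds["GITHUB_CLIENT_ID"],
        "redirect_uri": urljoin(homepage_url, CALLBACK_PATH),
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}", state


def callback_state_ok(expected_state, returned_state):
    """Call in the /login/authorized handler before trusting the redirect."""
    if not expected_state or not returned_state:
        return False
    # Constant-time comparison of the session value and the query parameter.
    return hmac.compare_digest(expected_state.encode(), returned_state.encode())


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample_env = {"GITHUB_CLIENT_ID": "example-client-id",
                  "GITHUB_CLIENT_SECRET": "example-client-secret"}
    creds = load_github_credentials(sample_env)
    url, state = build_authorize_url(creds, "https://example-app.herokuapp.com")
    print(url)
    print(callback_state_ok(state, state))
```

The Client Secret is only ever sent server-to-server when exchanging the code GitHub returns; it never appears in the redirect URL or in the repository.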


Let's move onto the next lesson.