Sign in users with GitHub
This document shows you how to use Identity Platform to sign in users with GitHub.
Before you begin
This tutorial assumes you've already enabled Identity Platform, and have a basic web app written using HTML and JavaScript. To learn about how to enable Identity Platform and sign in, see Quickstart.
Configure GitHub as a provider
To configure GitHub as an identity provider:
- Go to the Identity Providers page in the Google Cloud console.
- Click Add A Provider.
- Select GitHub from the list.
- Enter your GitHub Client ID and Client Secret. If you don't already have an ID and secret, you can obtain one from the GitHub Applications page.
-
Configure the URI listed under Configure GitHub as a valid OAuth
redirect URI for your GitHub app. If you configured a custom domain in Identity Platform,
update the redirect URI in your GitHub app configuration to use the custom domain instead
of the default domain. For example, change
https://myproject.firebaseapp.com/__/auth/handlertohttps://auth.myownpersonaldomain.com/__/auth/handler. -
In the Project settings side pane, click Add Domain, and add your
app's domain.
We recommend that you don't include
localhostin your production projects. - In the Configure your application section, click Setup Details. Copy the snippet into your app's code to initialize the Identity Platform client SDK.
- Click Save.
Sign in users with the client SDK
-
Create an instance of the GitHub provider object:
Web version 9
import{GithubAuthProvider}from"firebase/auth"; constprovider=newGithubAuthProvider();
Web version 8
varprovider=newfirebase.auth.GithubAuthProvider();
-
Optional: Add OAuth scopes. Scopes specify what data you're
requesting from GitHub. More sensitive data may require specific
scopes. Consult the provider's
documentation
to determine what scopes your app needs.
Web version 9
provider.addScope('repo');
Web version 8
provider.addScope('repo');
-
Optional: Localize the authentication flow. You can specify a language,
or use the device's default language:
Web version 9
import{getAuth}from"firebase/auth"; constauth=getAuth(); auth.languageCode='it'; // To apply the default browser preference instead of explicitly setting it. // auth.useDeviceLanguage();
Web version 8
firebase.auth().languageCode='it'; // To apply the default browser preference instead of explicitly setting it. // firebase.auth().useDeviceLanguage();
-
Optional: Specify additional custom OAuth parameters. These are
specific to GitHub, and are typically used to customize the
authentication experience. You can't pass parameters reserved by OAuth or
Identity Platform.
Web version 9
provider.setCustomParameters({ 'allow_signup':'false' });
Web version 8
provider.setCustomParameters({ 'allow_signup':'false' });
-
Use the GitHub provider object to sign in the user. You can either
open a pop-up window, or redirect the current page. Redirecting is easier
for users on mobile devices.
To show a pop-up, call
signInWithPopup():Web version 9
import{getAuth,signInWithPopup,GithubAuthProvider}from"firebase/auth"; constauth=getAuth(); signInWithPopup(auth,provider) .then((result)=>{ // This gives you a GitHub Access Token. You can use it to access the GitHub API. constcredential=GithubAuthProvider.credentialFromResult(result); consttoken=credential.accessToken; // The signed-in user info. constuser=result.user; // IdP data available using getAdditionalUserInfo(result) // ... }).catch((error)=>{ // Handle Errors here. consterrorCode=error.code; consterrorMessage=error.message; // The email of the user's account used. constemail=error.customData.email; // The AuthCredential type that was used. constcredential=GithubAuthProvider.credentialFromError(error); // ... });
Web version 8
firebase .auth() .signInWithPopup(provider) .then((result)=>{ /** @type {firebase.auth.OAuthCredential} */ varcredential=result.credential; // This gives you a GitHub Access Token. You can use it to access the GitHub API. vartoken=credential.accessToken; // The signed-in user info. varuser=result.user; // IdP data available in result.additionalUserInfo.profile. // ... }).catch((error)=>{ // Handle Errors here. varerrorCode=error.code; varerrorMessage=error.message; // The email of the user's account used. varemail=error.email; // The firebase.auth.AuthCredential type that was used. varcredential=error.credential; // ... });
To redirect the page, first call
signInWithRedirect().Follow the best practices when using
signInWithRedirect,linkWithRedirect, orreauthenticateWithRedirect.Web version 9
import{getAuth,signInWithRedirect}from"firebase/auth"; constauth=getAuth(); signInWithRedirect(auth,provider);
Web version 8
firebase.auth().signInWithRedirect(provider);
Then, retrieve the GitHub token by calling
getRedirectResult()when your page loads:Web version 9
import{getAuth,getRedirectResult,GithubAuthProvider}from"firebase/auth"; constauth=getAuth(); getRedirectResult(auth) .then((result)=>{ constcredential=GithubAuthProvider.credentialFromResult(result); if(credential){ // This gives you a GitHub Access Token. You can use it to access the GitHub API. consttoken=credential.accessToken; // ... } // The signed-in user info. constuser=result.user; // IdP data available using getAdditionalUserInfo(result) // ... }).catch((error)=>{ // Handle Errors here. consterrorCode=error.code; consterrorMessage=error.message; // The email of the user's account used. constemail=error.customData.email; // The AuthCredential type that was used. constcredential=GithubAuthProvider.credentialFromError(error); // ... });
Web version 8
firebase.auth() .getRedirectResult() .then((result)=>{ if(result.credential){ /** @type {firebase.auth.OAuthCredential} */ varcredential=result.credential; // This gives you a GitHub Access Token. You can use it to access the GitHub API. vartoken=credential.accessToken; // ... } // The signed-in user info. varuser=result.user; // IdP data available in result.additionalUserInfo.profile. // ... }).catch((error)=>{ // Handle Errors here. varerrorCode=error.code; varerrorMessage=error.message; // The email of the user's account used. varemail=error.email; // The firebase.auth.AuthCredential type that was used. varcredential=error.credential; // ... });
After you have an access token, you can use it to call the GitHub API. For example:
REST
curl-H"Authorization: Bearer [TOKEN]"https://api.github.com/gists/starredSign in users manually
If you don't want to use the client SDK, you can also handle the sign-in flow manually:
- Integrate GitHub authentication into your app by following the steps in their developer documentation.
- Sign in the user with GitHub using the flow you implemented in the previous step.
-
Exchange the token you receive from GitHub for an
Identity Platform credential:
Web version 9
import{GithubAuthProvider}from"firebase/auth"; constcredential=GithubAuthProvider.credential(token);
Web version 8
varcredential=firebase.auth.GithubAuthProvider.credential(token);
-
Use the credential to sign in the user with Identity Platform:
Web version 9
import{getAuth,signInWithCredential}from"firebase/auth"; // Sign in with the credential from the user. constauth=getAuth(); signInWithCredential(auth,credential) .then((result)=>{ // Signed in // ... }) .catch((error)=>{ // Handle Errors here. consterrorCode=error.code; consterrorMessage=error.message; // The email of the user's account used. constemail=error.customData.email; // ... });
Web version 8
// Sign in with the credential from the user. firebase.auth() .signInWithCredential(credential) .then((result)=>{ // Signed in // ... }) .catch((error)=>{ // Handle Errors here. consterrorCode=error.code; consterrorMessage=error.message; // The email of the user's account used. constemail=error.email; // ... });
What's next
- Learn more about Identity Platform users.
- Sign in users with other identity providers.