Because of some security-related limitations, Github prevents you from implementing the OAuth Web Application Flow on a client-side only application.
This is a real bummer. So we built Gatekeeper, which is the missing piece you need in order to make it work.
Gatekeeper works well with Github.js, which helps you accessing the Github API from the browser.
GET http://localhost:9999/authenticate/TEMPORARY_CODE
Also see the documentation on Github.
-
Redirect users to request GitHub access.
GET https://github.com/login/oauth/authorize
-
GitHub redirects back to your site including a temporary code you need for the next step.
You can grab it like so:
var code = window.location.href.match(/\?code=(.*)/)[1];
-
Request the actual token using your instance of Gatekeeper, which knows your
client_secret
.$.getJSON('http://localhost:9999/authenticate/'+code, function(data) { console.log(data.token); });
-
Clone it
git clone git@github.com:prose/gatekeeper.git
-
Install Dependencies
cd gatekeeper && npm install
-
Adjust config.json
{ "oauth_client_id": "GITHUB_APPLICATION_CLIENT_ID", "oauth_client_secret": "GITHUB_APPLICATION_CLIENT_SECRET", "oauth_host": "github.com", "oauth_port": 443, "oauth_path": "/login/oauth/access_token", "oauth_method": "POST", "port": 9999 }
You can also set environment variables to override the settings if you don't want Git to track your adjusted config.json file. Just use UPPER_CASE keys.
-
Serve it
$ node server.js
Use the button below to instantly setup your own Gatekeeper instance on Heroku.
-
Create a new Heroku app
heroku apps:create APP_NAME
-
Provide OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET:
heroku config:set OAUTH_CLIENT_ID=XXXX OAUTH_CLIENT_SECRET=YYYY
-
Push changes to heroku
git push heroku master
OR
heroku restart
##Deploy on Azure
Use the button below to instantly setup your own Gatekeeper instance on Azure.
-
Create a new Azure site
azure site create SITE_NAME --git
-
Provide OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET:
azure site appsetting add OAUTH_CLIENT_ID=XXXX azure site appsetting add OAUTH_CLIENT_SECRET=YYYY
-
Push changes to Azure
git push azure master