GitHub App - User Authentication/Authorization through GitHub APIs

Question

I am new to GitHub Apps. I have used GitHub OAuth before, but finding it a bit difficult to understand the user authentication and authorization for GitHub Apps. My use case is as follows -

A user will visit my website, login with their GitHub credentials and at that time the user needs to accept the permission I seek from their profile (ex. Repository, PRs, etc.) and display those repositories and PR on my website and perform some actions on them.

I have primarily 1 question at a high level.

The API endpoints and what all keys are needed to authenticate and authorize a user so as to get all the requested items like repositories etc. and more importantly the next time the user logs in he should not need to accept the permission to access his repositories. (Similar to this codefactor site)

I would like to have an architecture level solution if not a code example. I am using Python (Django) to build my project but code examples in other languages are also welcomed.

Answer 1

OP can use the module Django Social Auth. Their docs have an entire section dedicated to GitHub. They will handle all of that process for one.

Essentially, here's what one has to do

1 Install the module

pip install social-auth-app-django

2 Add it to your settings.py the variable INSTALLED_APPS as

INSTALLED_APPS = [
    ...
    'social_django',
    ...
]

3 Sync the database

python manage.py migrate

4 Add GitHub authentication backends to Django’s AUTHENTICATION_BACKENDS setting

AUTHENTICATION_BACKENDS = [
  ...

  'social_core.backends.github.GithubOAuth2', 
  ...
]

5 Add URL entries

urlpatterns = patterns('',
    ...
    url('', include('social_django.urls', namespace='social'))
    ...
)

6 Register a new application at GitHub Developers, set the callback URL to http://example.com/complete/github/ replacing example.com with one's domain (could even be http://localhost:8000/complete/github/ if testing locally). This will generate a Client Key and a Client Secret.

7 Add these values of Client ID and Client Secret from GitHub in your project settings file.

SOCIAL_AUTH_GITHUB_KEY = 'a1b2c3d4'
SOCIAL_AUTH_GITHUB_SECRET = 'e5f6g7h8i9`

8 One is now able to use in one's template, like

<a href="{% url "social:begin" "github" %}">Sign in with GitHub</a>

Clicking in that link will then redirect one to the page to accept permissions, just like Codefactor.

Apart from the docs, there are some good articles out there that one can also use for reference, such as How to Add Social Login to Django by Vitor Freitas.