Skip to content

Enables client-side applications to dance OAuth with GitHub.

License

Notifications You must be signed in to change notification settings

flowhub/gatekeeper

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Gatekeeper

Because of some security-related limitations, Github prevents you from implementing the OAuth Web Application Flow on a client-side only application.

This is a real bummer. So we built Gatekeeper, which is the missing piece you need in order to make it work.

Gatekeeper works well with Github.js, which helps you accessing the Github API from the browser.

It is designed for drop-in hosting on Heroku.

API

GET http://localhost:9999/authenticate/TEMPORARY_CODE

OAuth Steps

Also see the documentation on Github.

  1. Redirect users to request GitHub access.

    GET https://github.com/login/oauth/authorize
    
  2. GitHub redirects back to your site including a temporary code you need for the next step.

    You can grab it like so:

    var code = window.location.href.match(/\?code=(.*)/)[1];
  3. Request the actual token using your instance of Gatekeeper, which knows your client_secret.

    $.getJSON('http://localhost:9999/authenticate/'+code, function(data) {
      console.log(data.token);
    });

Setup your Gatekeeper

  1. Clone it

    git clone [email protected]:prose/gatekeeper.git
    
  2. Install Dependencies

    cd gatekeeper && npm install
    
  3. Adjust config.json

    {
      "client_id": "GITHUB_APPLICATION_CLIENT_ID",
      "client_secret": "GITHUB_APPLICATION_CLIENT_SECRET",
      "host": "github.com",
      "port": 443,
      "path": "/login/oauth/access_token",
      "method": "POST",
      "server": {
        "port": 9999
      }
    }

    You can also set environment variables to override the settings if you don't want Git to track your adjusted config.json file. Just use UPPER_CASE keys.

  4. Serve it

    $ node server.js
    

Run tests

There are basic automated tests in spec/. These can be ran with

    npm tests

Deploy on Heroku

  1. Create a new Heroku app

    cake heroku:create
    
  2. Rename it (optional)

    heroku apps:rename NEW_NAME
    
  3. Provide OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET:

    cake -c OAUTH_CLIENT_ID -s OAUTH_CLIENT_SECRET heroku:config
    
  4. Push changes to heroku

    cake heroku:push
    

About

Enables client-side applications to dance OAuth with GitHub.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 83.5%
  • CoffeeScript 16.5%