This article is a simple guide on how to implement GitHub OAuth for secure user authentication.
In this guide we will be able to:
- seamlessly create or log in a user using their GitHub credentials
- save users' credentials for later use
Prerequisite
To get the best out of this article users should have a fair understanding on
We are going to implement this in 3 simple steps
- 1. setup GitHub
- 2. setup Django
- 3. test authentication endpoint
1. Setup GitHub
Create your GitHub OAuth credentials by going to Settings on your GitHub account, scrolling down to Developer settings, and clicking on OAuth Apps, as shown below.
If you have an existing app you can edit it; otherwise create a new one by clicking on New OAuth App. Give the app a clear and descriptive name and set the Homepage URL to http://localhost:8000/. You might want to replace localhost: with 127.0.0.1: if that's how you've configured your Django app to run. The point is that whatever you configure on GitHub must match what you have in your app, to avoid server errors being thrown. Set the Authorization callback URL to http://localhost:8000/api/auth/github/login/callback/. Your setup should reflect what you see in the image below.
Copy and save your Client ID and Client Secrets as shown below, for later use in your Django project.
2. Setup Django
Run pip install django-allauth dj-rest-auth requests to install these packages. In the settings.py file of your app add the following code block:
SOCIALACCOUNT_PROVIDERS = {
    'github': {
        'APP': {
            # Placeholders: keep the real values out of version control
            'client_id': '<github_client_id>',
            'secret': '<github_secret_keys>',
            'key': ''
        }
    }
}
SITE_ID = 1
If you wish to capture the email of authenticated users in the admin, you can add this line to your project's settings.py file:
ACCOUNT_EMAIL_REQUIRED = True
We continue to modify our settings.py file by adding the following entries to INSTALLED_APPS:
# Append to the apps Django already lists in INSTALLED_APPS
INSTALLED_APPS += [
    'rest_framework',
    'rest_framework.authtoken',
    'dj_rest_auth',
    'django.contrib.sites',
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    'allauth.socialaccount.providers.github',
]
In the MIDDLEWARE list of your settings.py file, include this line:
'allauth.account.middleware.AccountMiddleware',
Lastly, we modify the project's urls.py file by adding the following code block:
from django.urls import path
from allauth.socialaccount.providers.github import views as github_views

urlpatterns += [
    path('api/auth/github/login/', github_views.oauth2_login, name='github_login'),
    path('api/auth/github/login/callback/', github_views.oauth2_callback, name='github_callback'),
]
NB: The modification should be done in the project's urls.py file and not the app's urls.py file.
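A preflight check for the configuration from steps 1 and 2, added here as an example and not code from the original article: it loads the Client ID and secret from the environment instead of hardcoding them in settings.py, and reports where the callback URL registered on GitHub differs from the one the site serves. The variable names GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET, both function names and the strict component-by-component comparison are assumptions of this example.

```python
import os
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/github/login/callback/"  # callback route from this guide's urls.py
DEFAULT_PORTS = {"http": 80, "https": 443}


def github_app_from_env(env=os.environ):
    """Build allauth's 'APP' dict from environment variables (names assumed)."""
    app = {"client_id": env.get("GITHUB_CLIENT_ID", "").strip(),
           "secret": env.get("GITHUB_CLIENT_SECRET", "").strip(),
           "key": ""}
    for field in ("client_id", "secret"):
        value = app[field]
        # Reject unset values and template placeholders like '<github_client_id>'.
        if not value or (value.startswith("<") and value.endswith(">")):
            # Name the field only; never put the secret itself in an error or log.
            raise RuntimeError(f"GitHub OAuth {field} is not configured")
    return app


def _components(url):
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port, parts.path


def callback_mismatches(registered_callback, site_base):
    """List the URL components where the callback registered on GitHub differs
    from the one this site serves (site_base + CALLBACK_PATH)."""
    served = site_base.rstrip("/") + CALLBACK_PATH
    pairs = zip(("scheme", "host", "port", "path"),
                _components(registered_callback), _components(served))
    return [name for name, registered, local in pairs if registered != local]


# In settings.py: SOCIALACCOUNT_PROVIDERS = {"github": {"APP": github_app_from_env()}}

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    env = {"GITHUB_CLIENT_ID": "constructed-id", "GITHUB_CLIENT_SECRET": "constructed-secret"}
    print(sorted(github_app_from_env(env)))
    print(callback_mismatches(
        "http://localhost:8000/api/auth/github/login/callback/", "http://127.0.0.1:8000"))
```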
3. Test authentication endpoint
All done? Visit the endpoint http://localhost:8000/api/auth/github/login/. You should be redirected to a page like this, and when you click on the Continue button you should be redirected to GitHub's authorization page.
Additional consideration
You will notice that after a successful authentication you are redirected to http://localhost:8000/accounts/profile/ (the default value of Django's LOGIN_REDIRECT_URL setting), which displays a 404 error page.
To fix this, add an endpoint /accounts/profile to your app's urls.py file and then create a corresponding view for that endpoint. If your endpoint and view are set up correctly, you should now see this instead of the 404 error page.
Difference between dj-rest-auth and social-auth-app-django
dj-rest-auth and social-auth-app-django are both libraries used to facilitate authentication in Django projects, but they cater to different needs and operate differently.
dj-rest-auth is used for an API-based project, while social-auth-app-django is used for a web-based project, and both can be used in the same project.
Conclusion
Integrating GitHub OAuth into your Django application provides a secure and user-friendly way for individuals to log in using their GitHub credentials.
Using this guide, you can enhance your application's security, streamline the login process, and improve the overall user experience while accessing relevant user data.