My latest addition to my hackathon project has been the implementation of user authentication through the GitHub OAuth API. Users can now start a session with their accounts to gain access to restricted pages and also destroy their sessions and sign out.
The way it works is quite simple: when we register an OAuth application with GitHub we can generate a link that shows the authorization screen, and we can also set a callback URL that GitHub redirects to after the user accepts. When the user is redirected, GitHub adds a code as a query parameter of our callback URL. This code is sent to my application server, where it can be exchanged for a token. Since the scope of my application is empty, this token can only really be used to read publicly available data about the user who tried to sign in, but if our application had a deeper integration with GitHub's services we could add other things to the scope and take actions on behalf of the user, such as creating repos, commenting on issues, etc. After the application reads the user data it checks whether that user already exists in our database: if not, it creates a new one; if so, it simply updates that user's information. The server can finally issue a JWT for that user and return it with some session information.
On the front end side of things, I am using the context API to keep session information and persisting it through the browser's local storage (I realize this isn't the end-all solution for JWT safe-keeping but it will be improved upon later).
I'd love it if you gave it a try at this link and let me know what you think.
Have a great hackathon!