
Login with GitHub using PHP

Difficulty: 35 / 50

This tutorial is not intended as a comprehensive package that fully exploits the GitHub API. It is, however, a guide meant to show you how OAuth2 works through a practical example built on the GitHub API.

This package authenticates users through their GitHub account by reading their public profile, which is enough to start a session on the website that makes the request. In this package I use the Slim Framework to read request data and configuration parameters, but it can be adapted to work with any framework.

First things first: to be able to use the API, go to your GitHub account and create a new application by navigating to Settings » Applications » Register new application, then fill in the required information. I use a single URL both for initiating the call and for capturing responses through the callback URL, but you can adapt that if you want.

To get the package, clone it from GitHub or use Composer:

    composer require codepunker/loginwithgithub
    

Now let me explain how this works.

OAuth is a protocol that services use to give third-party apps access to some of their user-related data through a session token. For the sake of clarity we will call the service we're connecting to "the server" (e.g. GitHub.com) and the app that is connecting to it "the client" (e.g. Codepunker.com).

Typically, OAuth "servers" describe the process that the client must follow to gain access to user-related resources on the server without users sharing their credentials with the client app.

In this particular case, the GitHub API (which relies on OAuth2) requires "clients" to follow these 3 steps in order to gain access to the publicly available data of a GitHub user:

  • Take users to the GitHub website so that they can allow the app to access the public data
  • Then GitHub will redirect the user back to "the client" with a special "code" inside the URL
  • Using that code, "the client" requests an access token which will then be used for every subsequent request
  • Once the access token has been provided, "the client" can request the data from the API
  • Full documentation is here.

Note: To get access to private data the app must specify what data it requires inside a "scope" variable and then the user must authorize that app to access the data.
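The first three steps above written out by hand, as an added example that is not code from the Codepunker\LoginWithGithub package. It also uses the `state` parameter of GitHub's web flow, which this tutorial does not cover, so that the callback is only honoured when the same session started the login. The function names, the `$httpPost` callable and the placeholder credentials are assumptions made for illustration, and the HTTP call is replaced by a constructed stand-in so the script runs offline.

```php
<?php
// Added example: hypothetical helpers, not part of Codepunker\LoginWithGithub.
const AUTHORIZE_URL = 'https://github.com/login/oauth/authorize';
const TOKEN_URL = 'https://github.com/login/oauth/access_token';

// Step 1: build the link and remember an unguessable state value in the session.
function authorizeLink(array &$session, string $clientId): string
{
    $session['gh_state'] = bin2hex(random_bytes(16));
    return AUTHORIZE_URL . '?' . http_build_query([
        'client_id' => $clientId,
        'state' => $session['gh_state'],
    ]);
}

// Steps 2-3: accept the callback only if its state matches, then trade the code.
// $httpPost is an assumed callable: (url, form fields) => decoded JSON reply as array.
function exchangeCode(array &$session, array $query, array $cfg, callable $httpPost): string
{
    $expected = $session['gh_state'] ?? '';
    unset($session['gh_state']); // single use, so a replayed callback fails
    $state = $query['state'] ?? '';
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('state mismatch: callback was not started by this session');
    }
    if (!is_string($query['code'] ?? null) || $query['code'] === '') {
        throw new RuntimeException('callback carries no code');
    }
    $reply = $httpPost(TOKEN_URL, [
        'client_id' => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'],
        'code' => $query['code'],
    ]);
    if (empty($reply['access_token'])) { // GitHub reports failures in an "error" field
        throw new RuntimeException('token request failed: ' . ($reply['error'] ?? 'unknown'));
    }
    return $reply['access_token'];
}

// Constructed stand-ins so the example runs offline: placeholder credentials, fake POST.
$cfg = ['client_id' => 'CLIENT_ID_PLACEHOLDER', 'client_secret' => 'CLIENT_SECRET_PLACEHOLDER'];
$fakePost = fn(string $url, array $form): array => ['access_token' => 'constructed-token-for-' . $form['code']];
$session = [];
parse_str(parse_url(authorizeLink($session, $cfg['client_id']), PHP_URL_QUERY), $sent);
echo exchangeCode($session, ['code' => 'constructed-code', 'state' => $sent['state']], $cfg, $fakePost), "\n";
try { // a callback this session never started is refused before any token request
    exchangeCode($session, ['code' => 'constructed-code', 'state' => 'not-ours'], $cfg, $fakePost);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

In a real deployment `$session` would be `$_SESSION` and `$httpPost` would send the form to the token URL with an `Accept: application/json` header.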

Here's a small/trivial snippet that takes advantage of the Codepunker\LoginWithGithub package to obtain the user data from GitHub.

    
    <?php
    require 'vendor/autoload.php'; //composer autoloader
    echo '
';
    //we're not using the session handler from Slim... 
    //Because it uses encrypted Cookies and we don't need that
    if (session_status()==PHP_SESSION_NONE) {
        session_start();
    }
    
    $app = new \Slim\Slim(['mode'=>'development','session.handler' => null]);
    $app->get('/', function () {
        $app = \Slim\Slim::getInstance();
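        //credentials of the GitHub application registered earlier;
        //keep client_secret out of source control (e.g. load it from the environment)
        $app->config('Codepunker\LoginWithGithub', [
            'client_id' => 'd68468706e9654cd5979',
            'client_secret' => 'a67a059062f0c181d4e506194461b9c7b2a4430f',
            'app_name' => 'the-codepunker'
        ]);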
        //pass Slim inside the constructor of LoginWithGithub... 
        $loginwgh = new Codepunker\LoginWithGithub\LoginWithGithub($app);
        echo '<a href="' . $loginwgh->generateLink() . '">Log In W GH</a>';
        //GitHub redirected the user back with a "code" in the URL
        if (!is_null($app->request->get('code'))) {
            try {
                $info = $loginwgh->processAuthorization();
            } catch (Exception $e) {
                var_dump($e); //you should redirect here
                die;
            }
            var_dump($info); //Success dump the user information
        }
    });
    $app->run();
    

Any questions? Ask away!
