oidc-github.core
GitHub OAuth and OIDC integration.
Provides both provider-side authentication (for use with oidc-provider.core) and client-side OAuth flow helpers (wrapping oidc.core) with GitHub-specific defaults and configurations.
Provider Usage
Use GitHub as an authenticator for your OIDC provider:
(require '[oidc-github.core :as github]
         '[oidc-provider.core :as provider])

(def config
  {:client-id "your-github-app-id"
   :client-secret "your-github-app-secret"
   :required-org "your-org"})

(def authenticator (github/create-github-authenticator config))

(def provider
  (provider/create-provider
    {:issuer "https://your-app.com"
     :credential-validator (:credential-validator authenticator)
     :claims-provider (:claims-provider authenticator)
     ...}))
Client Usage
Use GitHub as an OIDC provider:
(require '[oidc-github.core :as github])

(def config
  {:client-id "your-github-app-id"
   :client-secret "your-github-app-secret"
   :redirect-uri "https://your-app.com/callback"})

(def auth-url (github/authorization-url config "state-123" "nonce-456"))
(def token (github/exchange-code config "code-from-callback"))
(def user (github/fetch-user (:access_token token)))
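The state value ties the callback to the browser session that started the login, so it should be random per login and checked before the code is exchanged. The following is an added example, not code from the oidc-github project: it wires the three client calls above into login and callback handlers. The handler names, the session-map shape, the keyword-keyed callback params and the ::oauth-state / ::user keys are assumptions; only authorization-url, exchange-code and fetch-user come from this page.

```clojure
(ns example.github-login
  (:require [oidc-github.core :as github])
  (:import (java.security MessageDigest SecureRandom)
           (java.util Base64)))

;; Assumption: same config shape as the Client Usage snippet.
(def config
  {:client-id     "your-github-app-id"
   :client-secret "your-github-app-secret"
   :redirect-uri  "https://your-app.com/callback"})

(defonce ^:private rng (SecureRandom.))

(defn new-state
  "Returns 32 random bytes as URL-safe base64 without padding."
  []
  (let [buf (byte-array 32)]
    (.nextBytes ^SecureRandom rng buf)
    (.encodeToString (.withoutPadding (Base64/getUrlEncoder)) buf)))

(defn state-matches?
  "Constant-time comparison; false when either value is missing."
  [expected received]
  (and (string? expected)
       (string? received)
       (MessageDigest/isEqual (.getBytes ^String expected "UTF-8")
                              (.getBytes ^String received "UTF-8"))))

(defn begin-login
  "Hypothetical handler: stores a fresh state in the session, returns the redirect URL."
  [session]
  (let [state (new-state)]
    {:session  (assoc session ::oauth-state state)
     :redirect (github/authorization-url config state)}))

(defn handle-callback
  "Hypothetical handler: params are the callback query parameters (assumed keyword keys).
  The stored state is consumed on every attempt so it cannot be replayed."
  [session {:keys [code state]}]
  (let [expected (::oauth-state session)
        session  (dissoc session ::oauth-state)]
    (if-not (and code (state-matches? expected state))
      {:session session :status 403}
      (let [token (github/exchange-code config code)]
        {:session (assoc session ::user (github/fetch-user (:access_token token)))
         :status  200}))))
```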
authorization-url
(authorization-url config state)
(authorization-url config state nonce)
Generates a GitHub OAuth authorization URL.
Takes configuration, state, and optional nonce. Returns a URL string that the user should be redirected to for GitHub authentication. Uses the scopes specified in config or defaults to ["user:email" "read:user" "read:org"].
Example:
(authorization-url
  {:client-id "abc123"
   :redirect-uri "https://app.com/callback"
   :scopes ["user:email"]}
  "state-123")
Config
Configuration schema for GitHub OAuth/OIDC integration.
create-github-authenticator
(create-github-authenticator config)
Creates a GitHub authenticator for use with oidc-provider.core/create-provider.
Takes a configuration map with :client-id, :client-secret, and optional settings. Returns a map containing :credential-validator and :claims-provider that implement the required oidc-provider protocols.
Configuration options:
:client-id - GitHub OAuth App client ID (required)
:client-secret - GitHub OAuth App client secret (required)
:required-org - GitHub organization that users must belong to (optional)
:validate-org? - Whether to validate org membership (default: false)
:enterprise-url - Base URL for GitHub Enterprise Server (optional)
:cache-ttl-ms - Cache TTL for GitHub API responses in milliseconds (default: 5 minutes)
Example:
(def auth (create-github-authenticator
            {:client-id "abc123"
             :client-secret "secret"
             :required-org "my-company"
             :validate-org? true}))
default-config
Default configuration values for GitHub OAuth/OIDC integration.
exchange-code
(exchange-code config code)
Exchanges an authorization code for an access token.
Takes configuration and the authorization code received from GitHub’s callback. Returns a map containing :access_token, :token_type, and :scope.
Example:
(exchange-code
  {:client-id "abc123"
   :client-secret "secret"
   :redirect-uri "https://app.com/callback"}
  "code-from-github")
fetch-user
(fetch-user access-token)
Fetches GitHub user information using an access token.
Returns a map containing GitHub user profile data including login, name, email, avatar URL, and organization memberships.
Example:
(fetch-user "ghp_abc123xyz")
refresh-token
(refresh-token config refresh-token)
Refreshes an access token.
Note: GitHub OAuth Apps do not support refresh tokens. This is provided for completeness but will throw an exception if called with a GitHub OAuth App. GitHub Apps (not OAuth Apps) do support refresh tokens.
validate-config
(validate-config config)
Validates configuration against the Config schema.
Returns the config if valid, throws an exception otherwise.