 

How do I get an OpenID Connect ID token from GitHub's API to implement social login?

Background

I'm trying to implement social login using GitHub accounts and OpenID Connect, but I can't figure out what GitHub endpoints I'm supposed to:

  1. redirect the user to and
  2. POST the authorization code to

...to get back an ID token, or if I already have the right endpoints but the wrong parameters.

I've been following/adapting this guide to implementing social login with OpenID Connect (which uses Google as the Identity Provider rather than GitHub) and referring to the "OAuth 2.0 web application flow" GitHub docs page to try to understand how I need to adapt the guide to work with GitHub (i.e. what GitHub endpoints and parameters I need to use).

My problem

When I POST the authorization code to https://github.com/login/oauth/access_token (the URL specified in GitHub's docs) I get back an access token and a refresh token but no ID token. I suspect this is because the GitHub docs page is meant to be used to implement a plain (non-OpenID Connect) OAuth 2.0 flow.

What I've tried

I did a lot of Googling and found these 2019 slides from PragmaticWebSecurity.com that say I need to initially redirect the user to a different endpoint (https://github.com/openid-connect/auth rather than https://github.com/login/oauth/authorize, see slide 29), but when I try to do that, I get a 404 error from GitHub. I tried emailing the guy who created those slides to ask if the endpoint had changed, but he hasn't responded to me.

These are my guesses at what the answer to my question is:

  1. GitHub doesn't support OpenID Connect / it isn't possible to get back an ID token; I need to just use the access token to query the API to get back whatever information I need about the user.
    • This would explain why I can't find any mention of social login with OpenID Connect in GitHub's docs.
  2. I have the right endpoint (https://github.com/login/oauth/access_token), but I'm missing some required parameter to get back an ID token.
  3. I have the wrong endpoint.
Nathan Wailes asked Jan 17 '26 03:01


1 Answer

I contacted GitHub Support and got an official response: Their API doesn't support OpenID Connect for social login.

Here's their full response:

Hi Nathan,

Thanks for reaching out!

GitHub OAuth flow does not currently support the OpenID connect functionality. You'll need to use the OAuth 2.0

https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps

Regards,

Oluwaseun GitHub Support

So, until they add support for OpenID Connect, you can refer to this write-up I did on how to implement social login using OAuth 2.0:

How do I implement social login with GitHub accounts?

Nathan Wailes answered Jan 19 '26 18:01
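Added example, not part of the original question or answer and not GitHub's code: a sketch of the plain OAuth 2.0 login the answer falls back to, where the user's identity comes from an API call made with the access token rather than from an ID token. The `session` dict, the `http` transport object and its `FakeGitHub` stand-in are assumptions made for illustration; the authorize and token URLs are the ones quoted in the question.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"  # from the question
TOKEN_URL = "https://github.com/login/oauth/access_token"   # from the question
USER_URL = "https://api.github.com/user"  # REST endpoint for the token's owner


def begin_login(client_id, redirect_uri, session):
    """Build the redirect URL and bind a one-time random state to the session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": "read:user", "state": session["oauth_state"]})
    return f"{AUTHORIZE_URL}?{query}"


def finish_login(callback_url, session, client_id, client_secret, http):
    """Check state, swap the code for a token, then ask the API who the user is."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    returned = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: callback not tied to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    token = http.post(TOKEN_URL, {"client_id": client_id, "client_secret": client_secret,
                                  "code": code}, {"Accept": "application/json"})
    if "access_token" not in token:  # no id_token is expected in this response
        raise PermissionError(token.get("error", "token exchange failed"))
    user = http.get(USER_URL, {"Authorization": f"Bearer {token['access_token']}",
                               "Accept": "application/vnd.github+json"})
    # Key the local account on the numeric id; the login name can be changed.
    return {"provider": "github", "subject": str(user["id"]), "login": user["login"]}


class FakeGitHub:
    """Constructed stand-in for the HTTP client so the example runs offline."""
    def post(self, url, data, headers):
        ok = url == TOKEN_URL and data["code"] == "good-code"
        return {"access_token": "tok-constructed"} if ok else {"error": "bad_verification_code"}

    def get(self, url, headers):
        assert headers["Authorization"] == "Bearer tok-constructed"
        return {"id": 1001, "login": "octo-example"}  # constructed profile
```

In a real application `http` would wrap an HTTPS client, and the returned `subject` would be the key for the local user record.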


