@@ -34,6 +34,64 @@ can expand beyond this to add any other provider you'd like, and if you need to
3434support SAML, you may look into
3535[ ` @boxyhq/remix-auth-sso ` ] ( https://github.com/boxyhq/remix-auth-sso ) .
3636
37+ ### GitHub OAuth App
38+
39+ You will see in ` .env.example ` the ` GITHUB_CLIENT_ID ` is set to ` MOCK_... ` . This
40+ is a precondition for a "Mock GitHub server" to be installed (with the help of
41+ [ ` msw ` ] ( https://github.com/mswjs/msw ) library). See this
42+ [ module] ( ../tests/mocks/github.ts ) for more details and pay attention to how the
43+ calls to ` https://github.com/login/oauth/access_token ` are being intercepted.
44+ But once deployed to an environment where ` process.env.MOCKS ` is not set to
45+ ` 'true' ` (see how this is done when launching the
46+ [ dev server] ( ../server/dev-server.js ) and checked in the
47+ [ entrypoint] ( ../index.js ) ), or even when developing _ locally_ but not setting
48+ ` GITHUB_CLIENT_ID ` to ` MOCK_... ` , the requests will actually reach the GitHub
49+ auth server. This is where you will want to have a GitHub OAuth application
50+ properly set up, otherwise the logging in with GitHub will fail and a
51+ corresponding toast will appear on the screen.
52+
53+ To set up a real OAuth application, log in to GitHub, go to
54+ ` Settings -> Developer settings -> OAuth Apps ` , and hit the
55+ ` Register a new application ` button. Type in ` http://localhost:3000 ` for
56+ "Homepage URL" and ` http://localhost:3000/auth/github/callback ` for
57+ "Authorization callback URL". As for the ` Application name ` set to something
58+ meaningful (because your users will see the app's name), e.g.
59+ ` MY_EPIC_APPLICATION_DEVELOPMENT ` . Hit ` Register application ` button. You will
60+ be redirected to the page with your newly created OAuth app's details. You will
61+ see your app has got ` 0 ` users and no client secrets just yet, but the Client ID
62+ has already been assigned to your app. Copy over this value to
63+ ` GITHUB_CLIENT_ID ` in your _ .env_ file. Now hit ` Generate client secret ` button,
64+ and copy over the newly generted secret to ` GITHUB_CLIENT_SECRET ` in the dotenv
65+ file. Hit ` Update application ` button on your GitHub OAuth app page.
66+
67+ Your ` .env ` file should resemble this (values have been redacted):
68+
69+ ``` bash
70+ # some other secrets and env vars
71+ ...
72+
73+ GITHUB_CLIENT_ID=" 72fa***************a"
74+ GITHUB_CLIENT_SECRET=" b2c6d323b**************************eae016"
75+ ```
76+
77+ Now, run the epic-stack app in dev mode, go to login page, and use the
78+ ` Login with GitHub ` option. You will be redirected to GitHub, and prompted to
79+ authorize the "MY_EPIC_APPLICATION_DEVELOPMENT" (or whatever the name of your
80+ OAuth app is) OAuth app to access your GitHub account data. After you give your
81+ consent, you will be redirected to your epic-stack app running on localhost, and
82+ the onboarding will kick off. You can now refresh your GitHub OAuth app page and
83+ see how the number of registered users increased to ` 1 ` .
84+
85+ Something to appreciate here, is that you as the GitHub OAuth app owner (since
86+ you created it in your GitHub account) and you as a user authorizing this GitHub
87+ OAuth app to access your account's data are _ two different_ entities. The OAuth
88+ app could have been registered with an Organisation or another person's GitHub
89+ account.
90+
91+ Also make sure to register separate additional OAuth apps for each of your
92+ deployed environments (e.g. ` staging ` and ` production ` ) and specify corresponding
93+ homepage and redirect urls in there.
94+
3795## TOTP and Two-Factor Authentication
3896
3997Two factor authentication is built-into the Epic Stack. It's managed using a the
0 commit comments