PHP : Add Login with Github to your website

By | May 9, 2020

Github Login

Github has become a very popular social login on websites related to programming and development. Github itself is a big storehouse of opensource projects and community of developers.

Github oAuth documentation can be found at http://developer.github.com/v3/oauth/.

Register website with Github oAuth

The first thing to do would be to register your website with github. Login into your github account, go to settings > application and click "Register a New Application"

Check the screenshot

After registering your website, you get a Client Id and a Client Secret. Those are important values to use in the next steps.

github_login.php

Now lets code the github_login.php that will reside on your website, and will contain the code to let a user login using his github account.

The code can be like this

function signup_github()
{
	$client_id = 'your_client_id';
	$redirect_url = 'your_callback_url';
	
	//login request
	if($_SERVER['REQUEST_METHOD'] == 'GET')
	{
		$url = "https://github.com/login/oauth/authorize?client_id=$client_id&redirect_uri=$redirect_url&scope=user";
		header("Location: $url");
	}
}

The above code redirects the user to github oauth authorisation page. Over there the user has to first login (if he is not already), and then give the decision whether to allow github to share information with your site or not.
The github oauth url is https://github.com/login/oauth/authorize and it takes a few parameters. The redirect_uri must be the callback url provided while registering the application. It can be empty, but must not be anything else. The scope defines what level of access our website needs over the user's account at github. scope=user will allow to fetch the user's email address from github.

Once the user authorises github, then github will redirect back to the callback url with a code. This code can be used to perform more api queries.

public function signup_github()
{
	$client_id = 'your_client_id;
	$redirect_url = 'your_callback_url';
	
	//get request , either code from github, or login request
	if($_SERVER['REQUEST_METHOD'] == 'GET')
	{
		//authorised at github
                if(isset($_GET['code']))
		{
			$code = $_GET['code'];
			
			//perform post request now
			$post = http_build_query(array(
				'client_id' => $client_id ,
				'redirect_uri' => $redirect_url ,
				'client_secret' => 'your_client_secret',
				'code' => $code ,
			));
			
			$context = stream_context_create(array("http" => array(
				"method" => "POST",
				"header" => "Content-Type: application/x-www-form-urlencodedrn" .
							"Content-Length: ". strlen($post) . "rn".
							"Accept: application/json" ,  
				"content" => $post,
			))); 
			
			$json_data = file_get_contents("https://github.com/login/oauth/access_token", false, $context);
			
			$r = json_decode($json_data , true);
			
			$access_token = $r['access_token'];
			
			$url = "https://api.github.com/user?access_token=$access_token";
			
			$data =  file_get_contents($url);
			
			//echo $data;
			$user_data  = json_decode($data , true);
			$username = $user_data['login'];
			
			
			$emails =  file_get_contents("https://api.github.com/user/emails?access_token=$access_token");
			$emails = json_decode($emails , true);
			$email = $emails[0];
			
			$signup_data = array(
				'username' => $username ,
				'email' => $email ,
				'source' => 'github' ,
			);
			
			signup_login_user($signup_data);
		}
		else
		{
			$url = "https://github.com/login/oauth/authorize?client_id=$client_id&redirect_uri=$redirect_url&scope=user";
			header("Location: $url");
		}
	}
}

When the code is received, a POST request has to be made to https://github.com/login/oauth/access_token to get an access token, that shall be used to access the api.

After the access token is available, a simple get request is made to

https://api.github.com/user?access_token=$access_token

It returns basic information about the user, like his login id, gravatar link etc. But it does not have the email address of the user.

To get the email address, another request has to be made to the api function user/emails like this

https://api.github.com/user/emails?access_token=$access_token

This returns the email address of the user.

Signup and Login the user on website

Now the username and email is available, which is the bare minimum necessary to register the user on the system. The function signup_login_user shall take the user data and perform the signup and login.

Flow is as follows

1. Check if email already registered, if yes goto step 3.
2. Signup the user by saving his email, username and password in users table.
3. Login the user by saving session information.

That completes the "Login with Github" process.

About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

9 Comments

PHP : Add Login with Github to your website
    1. Silver Moon Post author

      this is really old code. i have not updated it in a long time.
      you will probably need to check the docs for the latest working version

  1. catchy.io

    It’s often better to end php process with an exit() (or the suited function of your framework if there’s a post action activity) after a header that’s supposed to be the only content of the HTTP response.

    1. Silver Moon Post author

      the login process must redirect to the github website, unless it directly asks for the username/password.

Leave a Reply

Your email address will not be published. Required fields are marked *