PHP : Add Login with Github to your website

By | July 13, 2012

Github Login

Github has become a very popular social login on websites related to programming and development. Github itself is a big storehouse of opensource projects and community of developers.

Github oAuth documentation can be found at

Register website with Github oAuth

The first thing to do would be to register your website with github. Login into your github account, go to settings > application and click "Register a New Application"

Check the screenshot

After registering your website, you get a Client Id and a Client Secret. Those are important values to use in the next steps.


Now lets code the github_login.php that will reside on your website, and will contain the code to let a user login using his github account.

The code can be like this

function signup_github()
	$client_id = 'your_client_id';
	$redirect_url = 'your_callback_url';
	//login request
		$url = "$client_id&redirect_uri=$redirect_url&scope=user";
		header("Location: $url");

The above code redirects the user to github oauth authorisation page. Over there the user has to first login (if he is not already), and then give the decision whether to allow github to share information with your site or not.
The github oauth url is and it takes a few parameters. The redirect_uri must be the callback url provided while registering the application. It can be empty, but must not be anything else. The scope defines what level of access our website needs over the user's account at github. scope=user will allow to fetch the user's email address from github.

Once the user authorises github, then github will redirect back to the callback url with a code. This code can be used to perform more api queries.

public function signup_github()
	$client_id = 'your_client_id;
	$redirect_url = 'your_callback_url';
	//get request , either code from github, or login request
		//authorised at github
			$code = $_GET['code'];
			//perform post request now
			$post = http_build_query(array(
				'client_id' => $client_id ,
				'redirect_uri' => $redirect_url ,
				'client_secret' => 'your_client_secret',
				'code' => $code ,
			$context = stream_context_create(array("http" => array(
				"method" => "POST",
				"header" => "Content-Type: application/x-www-form-urlencodedrn" .
							"Content-Length: ". strlen($post) . "rn".
							"Accept: application/json" ,  
				"content" => $post,
			$json_data = file_get_contents("", false, $context);
			$r = json_decode($json_data , true);
			$access_token = $r['access_token'];
			$url = "$access_token";
			$data =  file_get_contents($url);
			//echo $data;
			$user_data  = json_decode($data , true);
			$username = $user_data['login'];
			$emails =  file_get_contents("$access_token");
			$emails = json_decode($emails , true);
			$email = $emails[0];
			$signup_data = array(
				'username' => $username ,
				'email' => $email ,
				'source' => 'github' ,
			$url = "$client_id&redirect_uri=$redirect_url&scope=user";
			header("Location: $url");

When the code is received, a POST request has to be made to to get an access token, that shall be used to access the api.

After the access token is available, a simple get request is made to$access_token

It returns basic information about the user, like his login id, gravatar link etc. But it does not have the email address of the user.

To get the email address, another request has to be made to the api function user/emails like this$access_token

This returns the email address of the user.

Signup and Login the user on website

Now the username and email is available, which is the bare minimum necessary to register the user on the system. The function signup_login_user shall take the user data and perform the signup and login.

Flow is as follows

1. Check if email already registered, if yes goto step 3.
2. Signup the user by saving his email, username and password in users table.
3. Login the user by saving session information.

That completes the "Login with Github" process.

Last Updated On : 13th July 2012

Related Post

7 thoughts on “PHP : Add Login with Github to your website


    It’s often better to end php process with an exit() (or the suited function of your framework if there’s a post action activity) after a header that’s supposed to be the only content of the HTTP response.

    1. Silver Moon Post author

      the login process must redirect to the github website, unless it directly asks for the username/password.

Leave a Reply

Your email address will not be published. Required fields are marked *