GitHub OAuth

GitHub OAuth with PKCE and private email handling.

Overview

GitHub OAuth supports PKCE (S256) by default. When a user keeps their email private, the SDK fetches the primary email from /user/emails to ensure a valid user record.

Environment

# .env.local
AUTH_SECRET=your-secret-key-min-32-chars-long
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
GITHUB_REDIRECT_URI=http://localhost:3000/api/auth/callback/github

Configuration

Basic GitHub OAuth Setup

Minimal configuration

import { github } from '@warpy-auth-sdk/core';

const provider = github({
  clientId: process.env.GITHUB_CLIENT_ID!,
  clientSecret: process.env.GITHUB_CLIENT_SECRET!,
  redirectUri: process.env.GITHUB_REDIRECT_URI!,
  scope: ['read:user', 'user:email'],
});

PKCE

PKCE is enabled by default ("S256"). You can set pkce to "plain" or false for legacy servers, though this is not recommended.

Scopes

We recommend the read:user and user:email scopes so the SDK can retrieve the primary email when the user keeps their email private.