Forem: Reihaneh ssh The latest articles on Forem by Reihaneh ssh (@srssh). https://forem.com/srssh https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1008102%2F1239c192-c2a3-472e-a35b-b6cc9b5495bd.jpeg Forem: Reihaneh ssh https://forem.com/srssh en Implementing SSO in React with GitHub OAuth2 Reihaneh ssh Sun, 31 Mar 2024 22:31:06 +0000 https://forem.com/srssh/implementing-sso-in-react-with-github-oauth2-35c1 https://forem.com/srssh/implementing-sso-in-react-with-github-oauth2-35c1 <p>Juggling passwords and those pesky OTP codes is a major pain, right? Thankfully, Single Sign-On (SSO) using platforms like GitHub offers a smoother and safer way to log in to apps.</p> <p>This guide will show you how to set up SSO with GitHub OAuth2 in a React application. We’ll use a basic Python backend as an example, but you can choose whichever language works best for you. The code is straightforward, so you can easily tweak it to fit your needs. We’re keeping things simple here for now, but don’t worry — you can always add fancier stuff like routes or Redux later if your project gets more complex.</p> <p>We’re aiming to make your app login experience a breeze! Let’s dive in!</p> <h2> What is OAuth2? </h2> <h3> Think of It Like Borrowing Your Friend’s Key </h3> <p>Ever forget your gym locker combo? No worries, you can just ask your friend who remembers it to open it for you, right? That’s kind of how OAuth2 works for logging into apps.</p> <p>There are two main things your apps need to know:</p> <ol> <li><p><strong>Who You Are (Authentication):</strong> This is like proving you’re the rightful owner of the locker with a code or your fingerprint.</p></li> <li><p><strong>What You Can Do (Authorization):</strong> Even if you open the locker, your friend might limit what you can take (water bottle vs. their whole gym bag!).</p></li> </ol> <h3> OAuth2: The Helpful Friend </h3> <p>Here’s where OAuth2 comes in. It acts like that helpful friend who remembers your login info for other places (like GitHub). Instead of creating a new account and password for every app, you can use your existing, trusted GitHub login.</p> <p>Here’s the process:</p> <ol> <li><p><strong>Click Login:</strong> You see a “Login with GitHub” button in the app.</p></li> <li><p><strong>Head to GitHub:</strong> The app sends you to the familiar and secure GitHub login page.</p></li> <li><p><strong>Log In There:</strong> You enter your usual GitHub credentials.</p></li> <li><p><strong>Special Code:</strong> If all goes well, GitHub gives your app a special code, not your actual password. Think of it like a temporary key.</p></li> <li><p><strong>Back to the App:</strong> You’re automatically sent back to the app.</p></li> <li><p><strong>Access Granted (or Denied):</strong> The app uses that code to ask GitHub for a special “access token.” This token tells the app what you’re allowed to do within the app (like view stuff or even edit things).</p></li> </ol> <h3> The Code Thingy (Authorization Code Flow): </h3> <p>GitHub uses the authorization code flow which uses a code instead of your actual password. This is a smart security feature. It adds an extra layer of protection, kind of like having two locks on your gym locker!</p> <h2> Why OAuth2? </h2> <p>There are a bunch of ways to do SSO in apps, but we’re going with OAuth2 for two cool reasons:</p> <ul> <li><p><strong>Super Easy to Use:</strong> Setting up OAuth2 is a breeze compared to other options. Developers love it because it saves them time and headaches.</p></li> <li><p><strong>Extra Security Boost:</strong> OAuth2 is more secure than some other methods. Think of it like letting a trusted friend (like GitHub) handle your login instead of your app having to remember your password itself. It’s a safer way to go!</p></li> <li><p><strong>Super Convenient:</strong> No more password overload!</p></li> <li><p><strong>You’re in Control:</strong> You choose what info from GitHub to share with the app.</p></li> </ul> <h2> The overall flow </h2> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eQ3qZbVl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3528/1%2Am6ZEStR6wRbMNow9UMJ0zQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eQ3qZbVl--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3528/1%2Am6ZEStR6wRbMNow9UMJ0zQ.png" alt="" width="800" height="604"></a></p> <h2> Add GitHub application </h2> <p>Here’s a breakdown of the steps to add an OAuth application in GitHub, creating the secret handshake that allows your app to interact with user accounts:</p> <ol> <li><strong>Navigate to Settings:</strong></li> </ol> <ul> <li>Head to your GitHub profile settings by clicking on your profile picture in the top right corner and selecting “Settings”.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--vcacVEpv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3828/1%2AhlbeRSuJiSyHQN_y8lsdYA.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--vcacVEpv--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3828/1%2AhlbeRSuJiSyHQN_y8lsdYA.png" alt="" width="800" height="414"></a></p> <p><strong>2. Developer Settings:</strong></p> <ul> <li>In the left sidebar, under “Developer settings”, click on “OAuth Apps”.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--snV1WS1_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3800/1%2Ar6C7MjfKinlRNf4BwXIHsQ.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--snV1WS1_--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3800/1%2Ar6C7MjfKinlRNf4BwXIHsQ.png" alt="" width="800" height="417"></a></p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--497C-Ayi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3834/1%2A9j2WLxjE5sTilY2Qz3hgcg.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--497C-Ayi--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3834/1%2A9j2WLxjE5sTilY2Qz3hgcg.png" alt="" width="800" height="414"></a></p> <p><strong>3. Register a New App:</strong></p> <ul> <li><p>Click on the blue button “Register a new application”.</p></li> <li><p>Give your app a descriptive and recognizable name.</p></li> <li><p>Authorization callback URL:<br> _ This is the URL in your application where GitHub will redirect the user after a successful login. Make sure this URL matches the one you’ll define in your React app’s code.<br> _ If you are using the code of this tutorial set <a href="http://localhost:5173">http://localhost:5173</a></p></li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--xaZwB0DM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3840/1%2ARBgE3660G1DdJ7VZf_kV-Q.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--xaZwB0DM--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3840/1%2ARBgE3660G1DdJ7VZf_kV-Q.png" alt="" width="800" height="413"></a></p> <ul> <li>Save the client ID and generate a new client secret for further use in the code</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--zLEWZeLK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3826/1%2AGIOnGLeAbc0yoKGRzshGlw.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--zLEWZeLK--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_800/https://cdn-images-1.medium.com/max/3826/1%2AGIOnGLeAbc0yoKGRzshGlw.png" alt="" width="800" height="413"></a></p> <p>You can also check <a href="https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/creating-an-oauth-app">GitHub docs</a>.</p> <h2> Implement react app </h2> <p>Let’s ditch those pesky passwords and create a smooth login experience for your React app using GitHub! Here’s a breakdown of what we’ll do:</p> <h3> 1. Setting Up Your React Playground: </h3> <p>Imagine a shiny new React app — that’s what we’ll build! We’ll use a cool tool called <a href="https://vitejs.dev/">Vite</a> to set it up.</p> <p>Here’s the magic spell (command) to get things rolling:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn create vite my-awesome-app --template react-ts </code></pre> </div> <p>Replace my-awesome-app with your app name. Follow the prompts, and voila — your app is ready!</p> <ol> <li>Running the App:</li> </ol> <p>Once your app is prepped, open your terminal, navigate to the project directory, and cast another magic spell:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>yarn dev </code></pre> </div> <p>This will fire up the development server, and your app should appear in your browser, usually at <a href="http://localhost:5173/.">http://localhost:5173/.</a></p> <p>here is the code of App.tsx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">useEffect</span><span class="p">,</span> <span class="nx">useState</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">react</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="dl">"</span><span class="s2">./App.css</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Profile</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">./components/profile/Profile</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">App</span><span class="p">()</span> <span class="p">{</span> <span class="c1">// Extracting the 'code' parameter from the URL query string (used for authorization)</span> <span class="kd">const</span> <span class="nx">urlParams</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">(</span><span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">search</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">code</span> <span class="o">=</span> <span class="nx">urlParams</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">"</span><span class="s2">code</span><span class="dl">"</span><span class="p">);</span> <span class="c1">// State to store the retrieved user data</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">data</span><span class="p">,</span> <span class="nx">setData</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">null</span><span class="p">);</span> <span class="c1">// State to indicate if data is being fetched</span> <span class="kd">const</span> <span class="p">[</span><span class="nx">loading</span><span class="p">,</span> <span class="nx">setLoading</span><span class="p">]</span> <span class="o">=</span> <span class="nf">useState</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="c1">// Runs whenever the 'code' variable changes (likely on authorization flow)</span> <span class="nf">useEffect</span><span class="p">(()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">"</span><span class="s2">token</span><span class="dl">"</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="p">{</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="c1">// Set loading to true while fetching data</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">https://api.github.com/user</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="nx">token</span> <span class="p">},</span> <span class="p">})</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="c1">// Parse the response as JSON</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setData</span><span class="p">(</span><span class="nx">data</span><span class="p">);</span> <span class="c1">// Update state with fetched user data</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="c1">// Set loading to false when done fetching</span> <span class="p">});</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">code</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// If no token but 'code' is available (GitHub OAuth flow)</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">true</span><span class="p">);</span> <span class="c1">// Set loading to true while fetching data</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`http://localhost:8589/oauth/redirect?code=</span><span class="p">${</span><span class="nx">code</span><span class="p">}</span><span class="s2">&amp;state=YOUR_RANDOMLY_GENERATED_STATE`</span> <span class="p">)</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> <span class="c1">// Parse the response as JSON</span> <span class="p">.</span><span class="nf">then</span><span class="p">((</span><span class="nx">data</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nf">setData</span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">userData</span><span class="p">);</span> <span class="c1">// Update state with user data from response</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span> <span class="dl">"</span><span class="s2">token</span><span class="dl">"</span><span class="p">,</span> <span class="s2">`</span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">tokenType</span><span class="p">}</span><span class="s2"> </span><span class="p">${</span><span class="nx">data</span><span class="p">.</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">);</span> <span class="c1">// Store access token in local storage</span> <span class="nf">setLoading</span><span class="p">(</span><span class="kc">false</span><span class="p">);</span> <span class="c1">// Set loading to false when done fetching</span> <span class="p">});</span> <span class="p">}</span> <span class="p">},</span> <span class="p">[</span><span class="nx">code</span><span class="p">]);</span> <span class="c1">// Function to redirect the user to the GitHub OAuth authorization page</span> <span class="kd">function</span> <span class="nf">redirectToGitHub</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">client_id</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">blah blah</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">redirect_uri</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">http://localhost:5173/</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">scope</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">read:user</span><span class="dl">"</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">authUrl</span> <span class="o">=</span> <span class="s2">`https://github.com/login/oauth/authorize?client_id=</span><span class="p">${</span><span class="nx">client_id</span><span class="p">}</span><span class="s2">&amp;redirect_uri=</span><span class="p">${</span><span class="nx">redirect_uri</span><span class="p">}</span><span class="s2">&amp;scope=</span><span class="p">${</span><span class="nx">scope</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="nx">authUrl</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// Conditionally render content based on loading state and data availability</span> <span class="k">if </span><span class="p">(</span><span class="nx">loading</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nt">h4</span><span class="p">&gt;</span>Loading...<span class="p">&lt;/</span><span class="nt">h4</span><span class="p">&gt;;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="p">&lt;</span><span class="nc">Profile</span> <span class="na">user</span><span class="p">=</span><span class="si">{</span><span class="nx">data</span><span class="si">}</span> <span class="p">/&gt;;</span> <span class="p">}</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"login-container"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h1</span><span class="p">&gt;</span>Login to MyApp<span class="p">&lt;/</span><span class="nt">h1</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">button</span> <span class="na">className</span><span class="p">=</span><span class="s">"github-button"</span> <span class="na">onClick</span><span class="p">=</span><span class="si">{</span><span class="nx">redirectToGitHub</span><span class="si">}</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">img</span> <span class="na">src</span><span class="p">=</span><span class="s">"https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png"</span> <span class="na">alt</span><span class="p">=</span><span class="s">"GitHub Logo"</span> <span class="p">/&gt;</span> Login with GitHub <span class="p">&lt;/</span><span class="nt">button</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/&gt;</span> <span class="p">);</span> <span class="p">}</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">App</span><span class="p">;</span> </code></pre> </div> <p><strong>1. Initiating GitHub Authorization:</strong></p> <ul> <li>When the user clicks the “Login with GitHub” button, the redirectToGitHub function constructs a URL that initiates the OAuth 2.0 authorization flow. This URL includes: _ Client ID: A unique identifier for your app, provided by GitHub. _ Redirect URI: The URL where GitHub should redirect the user after successful authorization. _ Scope: Specifies the permissions your app requests from the user’s GitHub account.</li> </ul> <p><strong>2. Redirecting to GitHub for Authentication:</strong></p> <ul> <li><p>The user is redirected to GitHub’s secure login page to enter their credentials.</p></li> <li><p>Upon successful authentication, GitHub grants an authorization code to your app, which is then redirected back to the specified redirect URI along with the code.</p></li> </ul> <p><strong>3. Exchanging Authorization Code for Access Token:</strong></p> <ul> <li><p>Initial Login:<br> _ The React app sends a request to a server-side endpoint (backend server or a secure third-party service) that handles the exchange of the authorization code for an access token.<br> _ The server-side endpoint communicates with GitHub’s OAuth API, exchanging the code for a token and retrieving user data.<br> _ The access token, which grants access to the user’s GitHub data, is then stored securely within the app for subsequent API calls.</p></li> <li><p>If a valid access token is already available, the app skips the code exchange and directly fetches user data from the GitHub API using the token.</p></li> </ul> <p><strong>4. Retrieving and Displaying User Profile Information:</strong></p> <ul> <li><p>Once the access token is obtained, the app calls the GitHub API to retrieve the user’s profile information, including:<br> _ Avatar (profile image)<br> _ Login (username)<br> _ ID (unique user identifier)<br> _ Follower count<br> _ Following count<br> _ Public repositories</p></li> <li><p>The Profile component receives and renders this information, presenting a visual overview of the user’s GitHub profile.</p></li> </ul> <p><strong>Key Considerations:</strong></p> <ul> <li><p>Replace “blah blah” with your actual client ID from GitHub.</p></li> <li><p>For production-level apps, employ a secure storage mechanism for access tokens, such as HttpOnly cookies or browser storage mechanisms with appropriate protections.</p></li> <li><p>The loading state in App.tsx tracks API calls, displaying a loading indicator while data is fetched.</p></li> </ul> <p>Here is the Profile component:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="dl">"</span><span class="s2">./profile.css</span><span class="dl">"</span><span class="p">;</span> <span class="kd">type</span> <span class="nx">UserType</span> <span class="o">=</span> <span class="p">{</span> <span class="na">avatar_url</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">login</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">type</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">followers</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">following</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="nl">public_repos</span><span class="p">:</span> <span class="kr">number</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">Profile</span> <span class="o">=</span> <span class="p">({</span> <span class="nx">user</span> <span class="p">}:</span> <span class="p">{</span> <span class="nl">user</span><span class="p">:</span> <span class="nx">UserType</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">return </span><span class="p">(</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"user-info"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">h2</span><span class="p">&gt;</span>User Information<span class="p">&lt;/</span><span class="nt">h2</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"avatar-container"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">img</span> <span class="na">src</span><span class="p">=</span><span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">avatar_url</span><span class="si">}</span> <span class="na">alt</span><span class="p">=</span><span class="s">"User Avatar"</span> <span class="na">className</span><span class="p">=</span><span class="s">"avatar"</span> <span class="p">/&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">div</span> <span class="na">className</span><span class="p">=</span><span class="s">"info-container"</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Login: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">login</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>ID: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">id</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Type: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="kd">type</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Followers: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">followers</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Following: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">following</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;</span><span class="nt">p</span><span class="p">&gt;</span>Public Repos: <span class="si">{</span><span class="nx">user</span><span class="p">.</span><span class="nx">public_repos</span><span class="si">}</span><span class="p">&lt;/</span><span class="nt">p</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">&lt;/</span><span class="nt">div</span><span class="p">&gt;</span> <span class="p">);</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">Profile</span><span class="p">;</span> </code></pre> </div> <h2> Implement backend server </h2> <p>This Python server acts like a trusted friend between your React app and GitHub. It keeps your app’s secret code safe (like a secret handshake) and helps it get the user’s information from GitHub.</p> <p>server.py:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">uvicorn</span> <span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="kn">import</span> <span class="n">requests</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="n">CLIENT_ID</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your client id</span><span class="sh">"</span> <span class="n">CLIENT_SECRET</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your client secret</span><span class="sh">"</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/oauth/redirect</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">oauth_redirect</span><span class="p">(</span><span class="n">code</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="c1"># Exchange code for access token </span> <span class="n">token_response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://github.com/login/oauth/access_token</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">},</span> <span class="n">data</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">client_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">CLIENT_ID</span><span class="p">,</span> <span class="sh">"</span><span class="s">client_secret</span><span class="sh">"</span><span class="p">:</span> <span class="n">CLIENT_SECRET</span><span class="p">,</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">:</span> <span class="n">code</span> <span class="p">}</span> <span class="p">)</span> <span class="k">if</span> <span class="n">token_response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">400</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Error fetching access token from GitHub.</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Extract the access token </span> <span class="n">token_data</span> <span class="o">=</span> <span class="n">token_response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">token_data</span><span class="p">)</span> <span class="n">access_token</span> <span class="o">=</span> <span class="n">token_data</span><span class="p">[</span><span class="sh">"</span><span class="s">access_token</span><span class="sh">"</span><span class="p">]</span> <span class="n">token_type</span> <span class="o">=</span> <span class="n">token_data</span><span class="p">[</span><span class="sh">"</span><span class="s">token_type</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Fetch user profile with the access token </span> <span class="n">user_response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://api.github.com/user</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">token_type</span><span class="si">}</span><span class="s"> </span><span class="si">{</span><span class="n">access_token</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="k">if</span> <span class="n">user_response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">!=</span> <span class="mi">200</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span> <span class="n">status_code</span><span class="o">=</span><span class="mi">400</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Error fetching user data from GitHub.</span><span class="sh">"</span><span class="p">)</span> <span class="n">user_data</span> <span class="o">=</span> <span class="n">user_response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">Github profile: </span><span class="si">{</span><span class="n">user_data</span><span class="si">}</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">userData</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_data</span><span class="p">,</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">:</span> <span class="n">access_token</span><span class="p">,</span> <span class="sh">"</span><span class="s">tokenType</span><span class="sh">"</span><span class="p">:</span> <span class="n">token_type</span><span class="p">}</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">'</span><span class="s">__main__</span><span class="sh">'</span><span class="p">:</span> <span class="n">uvicorn</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="n">host</span><span class="o">=</span><span class="sh">'</span><span class="s">0.0.0.0</span><span class="sh">'</span><span class="p">,</span> <span class="n">port</span><span class="o">=</span><span class="mi">8589</span><span class="p">)</span> </code></pre> </div> <p>Here is a simple explanation of the code:</p> <ol> <li><p>The server grabs your app’s special ID and secret code, like checking your badge at the door.</p></li> <li><p>When it catches the code, it trades it with GitHub for a VIP pass (token) to access user information.</p></li> <li><p>It sends the VIP pass (and maybe the details it gathered) back to your React app safely</p></li> </ol> <p>Here we can see the whole flow:</p> <p><iframe src="https://player.vimeo.com/video/928565980" width="710" height="399"> </iframe> </p> <h2> Conclusion </h2> <p>This is just a basic setup, there are other ways to do it. But it gives you the idea! The code for this is over at <a href="https://github.com/sr-ssh/sso-react-with-github">Github</a> if you want to check it out.</p> <p>Next time, we might explore building your login system instead of relying on external services. Stay tuned for more coding adventures!</p> oauth2 sso react webdev