Docs

Calling your APIs with Auth0 tokens

Connect your app to GitHub

To configure a GitHub connection, you will need to register Auth0 with GitHub.

This doc refers to the steps to connect your application. If you are looking to manage authentication in your application, see Next Steps below.

OIDC-conformant pipeline and tokens

1. Add a new application

To add a new application, log in to GitHub and go to OAuth applications in your developer settings. Next click Register a new application.

Access vs. ID Tokens

2. Register your new app

On the Register a new application page fill out the form with the following information. Modify the parameters to reflect your application (e.g., the Homepage and Authorization Access Tokenscallback URLs):

Field Description
Application name The name of your app
Homepage URL https://YOUR_DOMAIN
Application description The description of your app users will see (Optional)
Authorization callback URL https://YOUR_DOMAIN/login/callback

Find your Auth0 domain name for redirects

If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.auth0.com and your redirect URI would be https://exampleco-enterprises.auth0.com/login/callback.

If you are using custom domains, your scopesredirect URI will have the following format: https://<YOUR CUSTOM DOMAIN>/login/callback.

After completing the form click Register application to proceed.

Scopes

3. Get your GitHub app's Client ID and Client Secret

Once the application is registered, your app's Client ID and Client Secret will be displayed on the following page:

Further reading

4. Copy your GitHub app's Client ID and Client Secret

Go to your Auth0 Dashboard and select Connections > Social, then choose Github. Copy the Client ID and Client Secret from the Developer Applications of your app on Github into the fields on this page on Auth0.

5. Access GitHub API

Once a user successfully authenticates, GitHub will include an audienceAccess Token in the user profile it returns to Auth0. You can use this token to call GitHub's API.

To get the GitHub Access Token, you must retrieve the full user's profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.

Using the token, you can call GitHub's API following GitHub's documentation.

Optional: Get a Single Sign-on (SSO)Refresh Token from GitHub to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.

Troubleshooting

If you are receiving Access Denied when calling the GitHub API, you probably have not requested the correct permissions for the user during login. For information on how to fix that, refer to Add scopes/permissions to call Identity Provider's APIs.