Connect your app to GitHub
To configure a GitHub connection, you will need to register Auth0 with GitHub.
This doc refers to the steps to connect your application. If you are looking to manage authentication in your application, see Next Steps below.
1. Add a new application
2. Register your new app
On the Register a new application page, fill out the form with the following information. Modify the parameters to reflect your application (e.g., the Homepage and Authorization callback URLs):
| Field | Description |
|---|---|
| Application name | The name of your app |
| Application description | The description of your app users will see (Optional) |
| Authorization callback URL | |
Find your Auth0 domain name for redirects
If your Auth0 domain name is not shown above and you are not using our custom domains feature, your domain name is your tenant name, plus .auth0.com. For example, if your tenant name were exampleco-enterprises, your Auth0 domain name would be exampleco-enterprises.auth0.com and your redirect URI would be
If you are using custom domains, your redirect URI will have the following format:
https://<YOUR CUSTOM DOMAIN>/login/callback.
After completing the form, click Register application to proceed.
3. Get your GitHub app's Client ID and Client Secret
Once the application is registered, your app's Client ID and Client Secret will be displayed on the following page:
4. Copy your GitHub app's Client ID and Client Secret
Go to your Auth0 Dashboard and select Connections > Social, then choose GitHub. Copy the Client ID and Client Secret from the Developer Applications of your app on GitHub into the fields on this page on Auth0.
5. Access GitHub API
Once a user successfully authenticates, GitHub will include an Access Token in the user profile it returns to Auth0. You can use this token to call GitHub's API.
To get the GitHub Access Token, you must retrieve the user's full profile using the Auth0 Management API and extract the Access Token from the response. For detailed steps, see Call an Identity Provider's API.
Using the token, you can call GitHub's API following GitHub's documentation.
Optional: Get a Refresh Token from GitHub to refresh your Access Token once it expires. To ensure your application is secure, pay close attention to the restrictions on using Refresh Tokens.
If you are receiving Access Denied when calling the GitHub API, you probably have not requested the correct permissions for the user during login. For information on how to fix that, refer to Add scopes/permissions to call Identity Provider's APIs.
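The token retrieval in step 5 and the Access Denied check above, as an added Python sketch for a backend service (not code from the Auth0 documentation). It assumes the Management API endpoint GET /api/v2/users/{id}, a Management API token carrying the read:users and read:user_idp_tokens scopes, the identities[].access_token profile field, and GitHub's X-OAuth-Scopes response header; the sample profile and token values are constructed placeholders.

```python
import json
import urllib.parse
import urllib.request

# Constructed sample of a Management API user profile (placeholder values only).
SAMPLE_PROFILE = {
    "user_id": "github|1234567",
    "identities": [
        {"provider": "github", "connection": "github", "user_id": 1234567,
         "isSocial": True, "access_token": "PLACEHOLDER_GITHUB_TOKEN"}
    ],
}

def profile_request(domain, user_id, mgmt_token):
    """Build GET /api/v2/users/{id}. The Management API token needs the
    read:users and read:user_idp_tokens scopes for IdP tokens to be returned."""
    url = f"https://{domain}/api/v2/users/{urllib.parse.quote(user_id, safe='')}"
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {mgmt_token}"})

def github_token(profile):
    """Return the GitHub Access Token stored in the profile's identities array."""
    for identity in profile.get("identities", []):
        if identity.get("provider") == "github" and identity.get("access_token"):
            return identity["access_token"]
    raise LookupError("no GitHub access_token in profile (is read:user_idp_tokens granted?)")

def github_request(token, path="/user"):
    """Build an authenticated GitHub REST API request."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"}
    return urllib.request.Request("https://api.github.com" + path, headers=headers)

def missing_scopes(response_headers, required):
    """List required scopes absent from X-OAuth-Scopes. Exact match only:
    a parent scope such as user also covers read:user."""
    headers = {k.lower(): v for k, v in response_headers.items()}
    granted = {s.strip() for s in headers.get("x-oauth-scopes", "").split(",") if s.strip()}
    return sorted(set(required) - granted)

def fetch_json(request):
    """Send a request built above. Run server side only and never log the tokens."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp), dict(resp.headers)

if __name__ == "__main__":
    token = github_token(SAMPLE_PROFILE)
    print(github_request(token).full_url)
    print(missing_scopes({"X-OAuth-Scopes": "read:user, user:email"}, ["repo", "read:user"]))
```

Keep both the Management API token and the GitHub token on the server; a non-empty result from missing_scopes points to scopes that were not requested on the connection at login.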