The folowing content is just to document the process of Github authentication. It isn't step to follow, but it is good to understand the flow of tokens and redirections.
-
Put a button in the client to send the user to the following URL to login with Github. This is a URL mapping on the API (look in urls.py).
-
The API code redirects the user to the following URL.
-
The student is presented with the interface to authorize the application with their Github credentials. Once the student authorizes, Github redirects to the following URL (this is an API URL, not the client).
-
The API immediately redirects the user to the client callback URL with some query parameters.
http://localhost:3000/auth/github?code=8ad10df9d7c89dd28c89&state=tBozt4gdvy7a
-
The client then uses the
codequery param to ping the API. -
The API will then respond with an authorization key.
{ "key": "seriesofrandomnumbersandletters" } -
Finally, the client can use authorization key to get the user information. All requests during the user's session must include the authorizaation token.
fetch("http://localhost:8000/profile", { method: "GET", headers: { "Authorization": "Token seriesofrandomnumbersandletters", "Accepts": "application/json" } }
-
That request responds with an object containing the student's profile information.
{ "pk":82, "username":"colonelmustard", "email":"[email protected]", "first_name":"Colonel", "last_name":"Mustard" }