Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update GitHub OIDC page #3133

Merged
merged 2 commits into from
Jul 2, 2024
Merged

Update GitHub OIDC page #3133

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
51a0764
refined the error docs for GH
mooreds Jun 25, 2024
3902302
removing breadcrumb import from main page, as it is not used
mooreds Jun 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions ...ecycle/authenticate-users/identity-providers/social/_github-troubleshooting.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
import Breadcrumb from 'src/components/Breadcrumb.astro';

GitHub users must have a public email address to allow FusionAuth to link their account on an email address. If they do not, you will get an error message stating `An email address was not provided for the user. This account cannot be used to login, unable to complete this login request.` You have two options:

* Require all users who use GitHub to log in have a public email address. This is configured on a per-user basis under <Breadcrumb>Public Profile -> Public Email</Breadcrumb>. This is done **on GitHub**.
* Link on [username or create an anonymous link](/docs/lifecycle/authenticate-users/identity-providers/#linking-strategies). Using these strategies ensure the configured GitHub OIDC connection works for every user, no matter their GitHub privacy settings, but means you won't have access to their email address.
7 changes: 6 additions & 1 deletion .../content/docs/lifecycle/authenticate-users/identity-providers/social/github.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,14 @@ quatercategory: social
---
import Aside from 'src/components/Aside.astro';
import IdentityProviderOverviewDiagram from 'src/content/docs/_shared/_identity-provider-overview-diagram.astro';
import GitHubTroubleshooting from 'src/content/docs/lifecycle/authenticate-users/identity-providers/social/_github-troubleshooting.mdx';
import InlineField from 'src/components/InlineField.astro';
import OpenidConnectExampleLambda from 'src/content/docs/_shared/_openid-connect-example-lambda.mdx';

## Configure OpenID Connect with GitHub

<Aside type="note">
GitHub user's must have a public email address configured to link on email (See [Linking Strategies for more on this](/docs/lifecycle/authenticate-users/identity-providers/#linking-strategies)). An approach that will work for all users is to link on username or create an anonymous link. Using these strategies ensure that the configured GitHub OIDC connection works for every user, no matter their GitHub privacy settings.
<GitHubTroubleshooting />
</Aside>

Once you have completed this configuration you may enable an OpenID Connect "Login with GitHub" button for one or more FusionAuth Applications. See [GitHub - Creating an OAuth App](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/) for an additional reference.
Expand Down Expand Up @@ -75,3 +76,7 @@ The final item to configure is under the <strong>Options</strong> tab. For GitHu
That's it, now the `Login with GitHub` button will show up on the login page of our `Pied Piper` application.

<img src="/img/docs/lifecycle/authenticate-users/identity-providers/social/github-openid-connect-configuration.png" alt="FusionAuth GitHub IdP Configuration" role="shadowed bottom-cropped top-cropped" />

## Troubleshooting

<GitHubTroubleshooting />
Loading