FluxyAPIFluxyAPI
BlocksOAuth Providers

GitHub OAuth2 Exchange

Authenticate users via GitHub's OAuth2 to retrieve access tokens and user profile data.

The GitHub OAuth2 Exchange block is used to exchange an authorization code for a GitHub access token and user profile information. This is used for "Log in with GitHub" or accessing GitHub repositories and account data via API.

Core Concept

When a user authorizes your app on GitHub, they return to your site with a temporary code. This block sends that code back to GitHub along with your app's credentials to prove your identity and receive a long-term access token.

Configuration

FieldRequiredDescription
Client IDYour GitHub application's Client ID from the GitHub Developer Settings.
Client SecretYour GitHub application's Client Secret. Must be stored as a Secret.
Redirect URIThe URI where GitHub redirects the user after authorization.
Authorization CodeThe code received from GitHub (e.g., {request.query.code}).
Token VariableThe variable name where the resulting data will be stored.
Security Requirement

Always store your Client Secret in the project's Secrets configuration. Never hardcode it as a plain string in the block.

Output

Once executed, the block stores a JSON object in your specified variable:

{
  "tokens": {
    "access_token": "gho_16characters...",
    "scope": "read:user,user:email",
    "token_type": "bearer"
  },
  "user": {
    "login": "octocat",
    "id": 1,
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "name": "monalisa octocat",
    "email": "[email protected]"
  }
}

You can access specific fields using dot notation:

  • {github_auth.user.login}
  • {github_auth.tokens.access_token}

Error Handling

  • MISSING_CLIENT_ID — The Client ID field is empty.
  • MISSING_CLIENT_SECRET — The Client Secret selection is empty.
  • MISSING_REDIRECT_URI — The Redirect URI is missing.
  • MISSING_CODE — No authorization code was provided.
  • SECRET_RETRIEVE_ERROR — Failed to retrieve the secret from storage.
  • INVALID_CODE — The authorization code is invalid or has already been used.
  • INVALID_CLIENT — Client authentication failed (check your Client Secret).
  • INVALID_REDIRECT_URI — The Redirect URI does not match the one registered in GitHub.
  • INVALID_REQUEST — The request is missing a required parameter.
  • USER_FETCH_ERROR — Failed to retrieve the user profile after token exchange.
  • RUNTIME_ERROR — An unexpected error occurred.

Example

  1. User Login: Redirect your user to GitHub's Auth URL.
  2. Callback: GitHub redirects to your endpoint: https://app.com/api/github/callback?code=gh_code_123.
  3. Exchange: Use this block to process the code:
    • Authorization Code: {request.query.code}
    • Token Variable: gh_exchange
  4. Result: You now have {gh_exchange.user.avatar_url} to display the user's profile picture.

Other OAuth Providers

On this page