GitHub OAuth2 Strategy for Überauth

Latest version: 0.8.3 registry icon
Maintenance score
Safety score
Popularity score
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Version Suggest Low Medium High Critical
0.8.3 0 0 0 0 0
0.8.2 0 0 0 0 0
0.8.1 0 0 0 0 0
0.8.0 0 0 0 0 0
0.7.0 0 0 0 0 0
0.6.0 0 0 0 0 0
0.5.0 0 0 0 0 0
0.4.1 0 0 0 0 0
0.4.0 0 0 0 0 0
0.2.0 0 0 0 0 0
0.1.3 0 0 0 0 0
0.1.2 0 0 0 0 0
0.1.0 0 0 0 0 0

Latest release:

0.8.3 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform


Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant

Überauth GitHub

Build Status Module Version Hex Docs Total Download License Last Updated

GitHub OAuth2 strategy for Überauth.


  1. Setup your application at GitHub Developer.

  2. Add :ueberauth_github to your list of dependencies in mix.exs:

    def deps do
        {:ueberauth_github, "~> 0.8"}
  3. Add GitHub to your Überauth configuration:

    config :ueberauth, Ueberauth,
      providers: [
        github: {Ueberauth.Strategy.Github, []}
  4. Update your provider configuration:

    config :ueberauth, Ueberauth.Strategy.Github.OAuth,
      client_id: System.get_env("GITHUB_CLIENT_ID"),
      client_secret: System.get_env("GITHUB_CLIENT_SECRET")

    Or, to read the client credentials at runtime:

    config :ueberauth, Ueberauth.Strategy.Github.OAuth,
      client_id: {:system, "GITHUB_CLIENT_ID"},
      client_secret: {:system, "GITHUB_CLIENT_SECRET"}
  5. Include the Überauth plug in your router:

    defmodule MyApp.Router do
      use MyApp.Web, :router
      pipeline :browser do
        plug Ueberauth
  6. Create the request and callback routes if you haven't already:

    scope "/auth", MyApp do
      pipe_through :browser
      get "/:provider", AuthController, :request
      get "/:provider/callback", AuthController, :callback
  7. Your controller needs to implement callbacks to deal with Ueberauth.Auth and Ueberauth.Failure responses.

For an example implementation see the Überauth Example application.


Depending on the configured url you can initiate the request through:


Or with options:


By default the requested scope is "user,public\_repo". This provides both read and write access to the GitHub user profile details and public repos. For a read-only scope, either use "user:email" or an empty scope "". Empty scope will only request minimum public information which even excludes user's email address which results in a nil for email inside returned %Ueberauth.Auth.Info{}. See more at GitHub's OAuth Documentation.

Scope can be configured either explicitly as a scope query value on the request path or in your configuration:

config :ueberauth, Ueberauth,
  providers: [
    github: {Ueberauth.Strategy.Github, [default_scope: "user,public_repo,notifications"]}

It is also possible to disable the sending of the redirect_uri to GitHub. This is particularly useful when your production application sits behind a proxy that handles SSL connections. In this case, the redirect_uri sent by Ueberauth will start with http instead of https, and if you configured your GitHub OAuth application's callback URL to use HTTPS, GitHub will throw an uri_mismatch error.

To prevent Ueberauth from sending the redirect_uri, you should add the following to your configuration:

config :ueberauth, Ueberauth,
  providers: [
    github: {Ueberauth.Strategy.Github, [send_redirect_uri: false]}

Private Emails

GitHub now allows you to keep your email address private. If you don't mind that you won't know a users email address you can specify allow_private_emails. This will set the users email as id+username@users.noreply.github.com.

config :ueberauth, Ueberauth,
  providers: [
    github: {Ueberauth.Strategy.Github, [allow_private_emails: true]}

Copyright and License

Copyright (c) 2015 Daniel Neighman

This library is released under the MIT License. See the LICENSE.md file