Support GitHub sign-in (#160)

README.md

@@ -3,15 +3,51 @@
 **Melody Auth** is turnkey OAuth & authentication system that can be seamlessly deployed on Cloudflare’s infrastructure, utilizing Workers, D1, and KV, or self-hosted with Node.js, Redis, and PostgreSQL. It provides a robust and user-friendly solution for implementing and hosting your own oauth and authentication system with minimal configuration required.
 
 ## Features Supported
-- <b>OAuth 2.0</b>: Authorize, Token Exchange, Token Revoke, App Consent, App Scopes, User Info Retrieval, Sign-Out
-- <b>Authorization</b>: Sign-In, Sign-Up, Sign-Out, Email Verification, Password Reset, Role-Based Access Control (RBAC), Localization
-- <b>Social Sign-In</b>: Google Sign-In, Facebook Sign-In
-- <b>Mailer Option</b>: SendGrid, Brevo, STMP (Node.js environment only)
-- <b>Multi-Factor Authentication</b>: Email MFA, OTP MFA, MFA Enrollment
-- <b>JWT Authentication</b>: RSA256 based JWT Authentication, JWT Secret Rotate
-- <b>Brute-force Protection</b>: Log in attempts, Password reset attempts, OTP MFA attempts
-- <b>Logging</b>: Email Logs, Sign-in Logs
-- <b>S2S REST API & Admin Panel</b>: Manage Users, Manage Apps, Manage Scopes, Manage Roles, Localization  
+- <b>OAuth 2.0</b>:
+  - Authorize
+  - Token Exchange
+  - Refresh Token Revoke
+  - App Consent
+  - App Scopes
+  - User Info Retrieval
+- <b>Authorization</b>:
+  - Sign-In
+  - Sign-Up
+  - Sign-Out
+  - Email Verification
+  - Password Reset
+  - Role-Based Access Control (RBAC)
+  - Localization [How to support a new locale](https://auth.valuemelody.com/q_a.html#how-to-support-a-new-locale)
+- <b>Social Sign-In</b>:
+  - Google Sign-In
+  - Facebook Sign-In
+  - GitHub Sign-In
+- <b>Mailer Option</b>:
+  - SendGrid
+  - Brevo
+  - STMP (Node.js environment only)
+- <b>Multi-Factor Authentication</b>:
+  - Email MFA
+  - OTP MFA
+  - MFA Enrollment
+- <b>JWT Authentication</b>:
+  - RSA256 based JWT Authentication [How to verify a SPA access token](https://auth.valuemelody.com/q_a.html#how-to-verify-a-spa-access-token)
+  - JWT Secret Rotate [How to rotate JWT secret](https://auth.valuemelody.com/q_a.html#how-to-rotate-jwt-secret)
+- <b>Brute-force Protection</b>:
+  - Log in attempts
+  - Password reset attempts
+  - OTP MFA attempts
+- <b>Logging</b>:
+  - Email Logs
+  - Sign-in Logs
+- <b>S2S REST API & Admin Panel</b>:
+  - Manage Users
+  - Manage Apps
+  - Manage Scopes
+  - Manage Roles
+  - Localization
+
+### Screenshots
 [Authorization Screenshots](https://auth.valuemelody.com/screenshots.html#identity-pages-and-emails)  
 [Admin Panel Screenshots](https://auth.valuemelody.com/screenshots.html#admin-panel-pages)  
 

admin-panel/app/[lang]/dashboard/page.tsx

@@ -111,6 +111,14 @@ const Page = () => {
             <Table.Cell>FACEBOOK_AUTH_CLIENT_ID</Table.Cell>
             <Table.Cell>{configs.FACEBOOK_AUTH_CLIENT_ID}</Table.Cell>
           </Table.Row>
+          <Table.Row>
+            <Table.Cell>GITHUB_AUTH_CLIENT_ID</Table.Cell>
+            <Table.Cell>{configs.GITHUB_AUTH_CLIENT_ID}</Table.Cell>
+          </Table.Row>
+          <Table.Row>
+            <Table.Cell>GITHUB_AUTH_APP_NAME</Table.Cell>
+            <Table.Cell>{configs.GITHUB_AUTH_APP_NAME}</Table.Cell>
+          </Table.Row>
           <Table.Row>
             <Table.Cell>SUPPORTED_LOCALES</Table.Cell>
             <Table.Cell>{configs.SUPPORTED_LOCALES.join(', ')}</Table.Cell>

docs/auth-server.md

@@ -221,6 +221,10 @@ npm run prod:deploy
 - **Default:** ""
 - **Description:** The Facebook Authentication Client ID is required to enable the Facebook Sign-In function. This ID is obtained from the Facebook Developer Console and uniquely identifies your application to Facebook. If this value is left empty, the Facebook Sign-In button will be suppressed and the Facebook sign-in functionality will not be available. <b>You also need to set FACEBOOK_AUTH_CLIENT_SECRET in .dev.vars for Cloudflare dev env as well as Node env, and in Cloudflare workers config for Cloudflare prod env.</b>
 
+### GITHUB_AUTH_CLIENT_ID & GITHUB_AUTH_APP_NAME
+- **Default:** ""
+- **Description:** The GitHub Authentication Client ID and App Name is required to enable the GitHub Sign-In function. This Client ID and App Name is obtained from the GitHub Developer Console and uniquely identifies your application to GitHub. If this value is left empty, the GitHub Sign-In button will be suppressed and the GitHub sign-in functionality will not be available. <b>You also need to set GITHUB_AUTH_CLIENT_SECRET in .dev.vars for Cloudflare dev env as well as Node env, and in Cloudflare workers config for Cloudflare prod env. In your GitHub App settings, set the callback URL to [your auth server doamin]/identity/v1/authorize-github, e.g., http://localhost:8787/identity/v1/authorize-github</b>
+
 ### ENABLE_SIGN_UP
 - **Default:** true
 - **Description:** Determines if user sign-up is allowed. If set to false, the sign-up button will be suppressed on the sign-in page.

server/.dev.vars.example

@@ -7,7 +7,8 @@ BREVO_API_KEY= # Put your Brevo api key here and leave SENDGRID_API_KEY to be em
 BREVO_SENDER_ADDRESS= # Put your Brevo sender address here
 
 AUTH_SERVER_URL="http://localhost:8787" # The host url of your CF worker
-FACEBOOK_AUTH_CLIENT_SECRET= # To work with FACEBOOK_AUTH_CLIENT_ID
+#FACEBOOK_AUTH_CLIENT_SECRET= # To work with FACEBOOK_AUTH_CLIENT_ID
+#GITHUB_AUTH_CLIENT_SECRET= # To work with GITHUB_AUTH_CLIENT_ID and GITHUB_AUTH_APP_NAME
 
 # Config following env vars to run this project using node, Postgres and Redis, with the option to use an SMTP mailer server as well
 # PG_CONNECTION_STRING=postgres://postgres:postgres@127.0.0.1:5432/melody-auth