Example integration with GitHub

[umlaeute]

I'm currently trying to authenticate my indico instance with GitHub.
afaict, the main problem is, that I do not know the actual redirect_url that i need to fill in when registering a new GitHub OAuth application.

[umlaeute]

Turns out it is not overly complicated, once you know what you are doing.

Assuming your Indico instance is running on https://indico.example.com/:

1. register a new OAuth application at https://github.com/settings/applications/new

   key	value
   Application name	Indico example
   Homepage URL	https://indico.example.org/
   description	allow github users for our indico instance
   callback URL	https://indico.example.org/multipass/authlib/github
   Enable Device Flow	False

   After creating the App you get the "Client ID" and can generate a "Client secret",
   which are needed in the next step.

2. add the 'github' auth/identity provider to your application configuration:

# for indico, use `AUTH_PROVIDERS` instead:
MULTIPASS_AUTH_PROVIDER = {
  # ...
  'github': {
      'type': 'authlib',
      'title': 'GitHub',
      'authlib_args': {
          'client_id': '',  # put your client id here
          'client_secret': '',  # put your client secret here
          'client_kwargs': {'scope': 'user:email'},
          'authorize_url': 'https://github.com/login/oauth/authorize',
          'access_token_url': 'https://github.com/login/oauth/access_token',
          'userinfo_endpoint': 'https://api.github.com/user',
      }
  },
}
# for indico, use `IDENTITY_PROVIDERS` instead:
MULTIPASS_IDENTITY_PROVIDERS = {
  # ...
  'github': {
      'type': 'authlib',
      'identifier_field': 'id',
      'mapping': {
          'user_name': 'login',
          'affiliation': 'company'
      }
  }
}

The name you picked for the auth/identity provider (here: github), is must be the same as the final part of the callback URL (here: https://indico.example.org/multipass/authlib/github)