Single-sign-on (SSO)

Currently, the application only allows users to sign up for an account using a local username and password.

Another way to sign up for an account is with a single-sign-on (SSO) provider. This is a great way to reduce the number of passwords a user has to remember.

In this guide, we’ll use GitHub, which is pre-installed in the Epic Stack, but it’s possible to add more SSO providers like Google if you want.

Note

What is SSO and OAuth?

Traditionally, when a user signs up for an account on a website, they create a username and password. This is known as a “local” account.

With SSO, a user can sign up for an account using an existing account with a third-party provider, like GitHub.

OAuth is a protocol that allows a user to grant a third-party application access to their account without sharing their password.

When you sign up for an “Epic News” account using GitHub, you are using OAuth to authenticate with GitHub.

Set up a GitHub OAuth application

To use GitHub as an SSO provider, you need to create an OAuth application in your GitHub account. This will give you a client_id and client_secret that you can use to authenticate users. Let’s go through the steps to set this up.

1. Log in to your GitHub account.

2. Click your profile icon on the top right of your screen and go to Settings -> Developer settings -> OAuth Apps.

   

3. Hit the “Register a new application” button.

   

4. Type in http://localhost:3000 for “Homepage URL” and http://localhost:3000/auth/github/callback for “Authorization callback URL”.

   As for the “Application name”, set this to something meaningful (because your users will see the app’s name), e.g. EPIC_NEWS.

   

5. Hit the “Register application” button.

6. You will be redirected to the page with your newly created OAuth app’s details. You will see your app has got 0 users and no client secrets just yet, but the Client ID has already been assigned to your app.

   

7. Copy the Client ID value.

   Open the .env file in your project, and paste it as the GITHUB_CLIENT_ID.

   

8. Head back to the Github OAuth settings page still open in your browser.

   Now hit the “Generate client secret” button.

   

9. Copy over the newly generated secret to GITHUB_CLIENT_SECRET in the .env file.

   

10. Hit the Update application button at the bottom of your GitHub OAuth app page.

    

Your final .env file should now resemble this (values have been redacted):

LITEFS_DIR="/litefs/data"
DATABASE_PATH="./prisma/data.db"
DATABASE_URL="file:./data.db?connection_limit=1"
CACHE_DATABASE_PATH="./other/cache.db"
SESSION_SECRET="super-duper-s3cret"
HONEYPOT_SECRET="super-duper-s3cret"
INTERNAL_COMMAND_TOKEN="some-made-up-token"
RESEND_API_KEY="re_blAh_blaHBlaHblahBLAhBlAh"
SENTRY_DSN="your-dsn"

# the mocks and some code rely on these two being prefixed with "MOCK_"
# if they aren't then the real github api will be attempted
GITHUB_CLIENT_ID="72fa***************a"
GITHUB_CLIENT_SECRET="b2c6d323b**************************eae016"
GITHUB_TOKEN="MOCK_GITHUB_TOKEN"

Important

Before continuing, be sure to restart your application to pick up the new environment variables.

You can do this by stopping the server with Ctrl + C in your terminal, and then running npm run dev again.

Create a website user account via Github SSO

1. Make sure you are signed out of any existing user accounts on your Epic News application by clicking the “Logout” button in the top right corner of the screen.

   

2. Next, in the address bar of your browser, navigate to the /signup route.

   Epic News signup URL

   http://localhost:3000/signup

3. This time, click on the “Signup with GitHub” button.

   

4. You’ll be told that you don’t have any connections yet. Click “Connect with GitHub”:

   

5. If you are not already logged in to GitHub, you will be prompted to do so. Once you are logged in, you will be asked fill in your user details.

6. You will notice that this time, your username and avatar have been pre-filled from your GitHub account. Add your name, accept the Terms of Service, then click “Create an account”.

   

Challenge

Once you have created an account, spend some time exploring the different functionality available to authenticated users.

You can access the features listed below via the user actions dropdown in the top right corner of the screen:

Find your way around the following features:

• View your profile page.
• Update your email address and password.
• Manage ‘connections’ - a feature that allows you to see and edit which SSO providers your account is connected to.
• Download your data. What data is stored in the application about you?.
• See which active sessions are currently logged in to your account. TIP: Try logging in to your account from another browser or an incognito session to see this feature in action.
• Create, edit, read and delete ‘notes’.
• Delete your account.

Summary

In this step, we:

• learned how to set up a GitHub OAuth application and use it to authenticate users in your Epic News application.
• Updated the .env file with the GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET values.
• Created a user account using GitHub as an SSO provider.
• Explored the different features available to authenticated users, such as managing connections, viewing active sessions, and creating, editing, reading, and deleting notes.

Assignment

📄 Assignment documentation

We need to update your assignment to document this new feature. 🚀

1. Explain what SSO is, how it works and what its benefits are to end-users.
2. Describe what OAuth is and how it helps with SSO.
3. Explain how to set up a GitHub OAuth application.
4. Show how to create a user account in “Epic News” using GitHub as an SSO provider.
5. Explain the different features available to authenticated users.

Tip

Useful links

• What is SSO?
• What is OAuth?
• GitHub OAuth documentation

What’s next?

In the next section, you will set up the Epic News database using Prisma.