With the GitHub Login Integration Kit, PingFederate includes the GitHub authentication API in the sign-on flow.
The following figure illustrates a service provider (SP)-initiated single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using the GitHub IdP Adapter.
- The user opens a web application and chooses the GitHub sign-on option.
- The sign-on link points to the GitHub IdP Adapter, which redirects the browser...
- ...to GitHub with the client ID and a list of requested permissions. On GitHub, the user authenticates their identity and then authorizes the requested permissions.
- GitHub redirects the browser...
- ...to the GitHub IdP Adapter authorization callback endpoint with an
If the user fails to authenticate or does not authorize the request, the response includes an error code instead.
- PingFederate sends GitHub the client ID, client secret, authorization code, and the PingFederate authorization callback URL.
- GitHub returns an access token.
- PingFederate sends GitHub a request for user attributes and presents the access token.
- GitHub verifies the access token and provides the user information.
- PingFederate redirects the user to the web application with the user attributes.