The following figure illustrates a service provider (SP)-initiated single sign-on (SSO) scenario in which PingFederate authenticates users to an SP application using the GitHub IdP Adapter.

Description

  1. The user opens a web application and chooses the GitHub sign-on option.
  2. The sign-on link points to the GitHub IdP Adapter, which redirects the browser...
  3. ...to GitHub with the client ID and a list of requested permissions. On GitHub, the user authenticates their identity and then authorizes the requested permissions.
  4. GitHub redirects the browser...
  5. ...to the GitHub IdP Adapter authorization callback endpoint with an authorization code.

    If the user fails to authenticate or does not authorize the request, the response includes an error code instead.

  6. PingFederate sends GitHub the client ID, client secret, authorization code, and the PingFederate authorization callback URL.
  7. GitHub returns an access token.
  8. PingFederate sends GitHub a request for user attributes and presents the access token.
  9. GitHub verifies the access token and provides the user information.
  10. PingFederate redirects the user to the web application with the user attributes.