Skip to content
/ vercel-github-oauth-proxy Public
forked from n4bb12/vercel-github-oauth-proxy

β–²πŸ” Protect a static website hosted on Vercel behind GitHub authentication.

vercel-github-oauth-proxy.vercel.app

License

ISC license
0 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

epicgame12414/vercel-github-oauth-proxy

BranchesTags
Β 
Β 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

30 Commits
api
api
Β 
Β 
lib
lib
Β 
Β 
public
public
Β 
Β 
static
static
Β 
Β 
.gitignore
.gitignore
Β 
Β 
.prettierignore
.prettierignore
Β 
Β 
.prettierrc
.prettierrc
Β 
Β 
.release-it.json
.release-it.json
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 
package.json
package.json
Β 
Β 
pnpm-lock.yaml
pnpm-lock.yaml
Β 
Β 
tsconfig.build.json
tsconfig.build.json
Β 
Β 
tsconfig.json
tsconfig.json
Β 
Β 
vercel.json
vercel.json
Β 
Β 

Repository files navigation

β–²πŸ” Vercel GitHub OAuth Proxy

Protect a static website hosted on Vercel behind GitHub authentication.

Version License Issues

Setup

Step 1 β€” Add the library

yarn add vercel-github-oauth-proxy

Step 2 β€” Create an API endpoint at /api/index.ts

import { createLambdaProxyAuthHandler } from "vercel-github-oauth-proxy"

export default createLambdaProxyAuthHandler(config)

config.cryptoSecret

This is used to sign cookies.

config.staticDir

The output directory of the static website.

config.githubOrgName

The GitHub org users need to be part of.

config.githubClientId config.githubClientSecret

The id/secret pair of your GitHub OAuth app. You can create a new app at https://github.com/organizations/{config.githubOrgName}/settings/applications/new

config.githubOrgAdminToken

Private org memberships can only be determined by making an authenticated API request.

We could request read:org scope during the OAuth flow and then use each user's access token to determine org membership, but using this method means the user additionally needs to request org access during or after the login flow and requires an org admin to confirm. This makes this approach inconvenient for both the users and the admin.

Therefore we're using a separate org admin token to verify membership during login (org admins can see all users).

Step 3 β€” Create a vercel.json

{
  "version": 2,
  "routes": [{ "src": "/(.*)", "dest": "/api/index.ts" }],
  "functions": {
    "api/index.ts": {
      "includeFiles": "static/**"
    }
  }
}

This routes all traffic through the lambda endpoint.

Adapt includeFiles to your public output folder. Including these files is required because the static website needs to be deployed as part of the lambda function, not the default build. See also the function docs and limits.

Step 4 β€” Build

If you have an existing build script, rename it to vercel-build to build your website as part of the lambda build instead of the normal build.

Make sure to not keep the build script as it would result in duplicate work or may break deployment entirely. For more information see custom-build-step-for-node-js.

{
  "scripts": {
    "vercel-build": "your website build command"
  }
}

Local development

To develop locally, run

yarn vercel dev

When developing locally, you'll need to update your GitHub OAuth app's redirect URL to http://localhost:3000.

About

β–²πŸ” Protect a static website hosted on Vercel behind GitHub authentication.

vercel-github-oauth-proxy.vercel.app

Resources

Readme

License

ISC license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

8 tags

Packages

No packages published

Languages

  • TypeScript 86.5%
  • HTML 13.5%