Version: 0.21.1

GitHub OAuth Integration

AeroEBT supports OAuth 2.0 authentication with GitHub accounts. This guide is designed for IT administrators configuring GitHub sign-in for development teams and organizations.

Overview

GitHub OAuth allows users to sign in to AeroEBT using their GitHub accounts. This is particularly useful for development teams and organizations that use GitHub for version control and want seamless authentication across platforms.

Prerequisites

GitHub account with organization admin access (for organization OAuth apps)
Organization-level or project-level access to AeroEBT dashboard
Understanding of OAuth 2.0 flow

Step 1: Create a GitHub OAuth App

For Personal/Organization Accounts

Navigate to GitHub and sign in
Go to Settings > Developer settings > OAuth Apps
Click New OAuth App
Fill in the application details:
- Application name: AeroEBT
- Homepage URL: https://[your-instance].ebt.skydynamics.aero
- Authorization callback URL: https://[your-instance].ebt.skydynamics.aero/auth/v1/callback
Click Register application

For GitHub Organizations

If you want to create an organization-level OAuth app:

Navigate to your organization's settings
Go to Developer settings > OAuth Apps
Click New OAuth App
Follow the same configuration steps as above

Step 2: Generate Client Secret

After creating the OAuth app:

You'll see your Client ID immediately
Click Generate a new client secret
Important: Copy the client secret immediately (you can only see it once)
Store both Client ID and Client Secret securely

Step 3: Configure OAuth Scopes

AeroEBT requires the following OAuth scopes:

user:email: Read user email addresses (required)
read:user: Read user profile data

These are the minimum scopes needed for authentication. Additional scopes are not required unless you're integrating GitHub-specific features.

Note: AeroEBT follows the principle of least privilege and only requests necessary permissions.

Step 4: Configure GitHub OAuth in AeroEBT

Navigate to your AeroEBT dashboard
Go to Settings > Authentication > Providers
Find GitHub in the list of providers
Click Configure or Enable
Enter the following information:
- Client ID: Paste the Client ID from Step 2
- Client Secret: Paste the Client Secret from Step 2
Click Save

Navigate to the AeroEBT sign-in page
Click Sign in with GitHub
You should be redirected to GitHub's authorization page
Review the requested permissions and click Authorize
You should be redirected back to AeroEBT
Verify that you're successfully signed in

Configuration Options

User Information Mapping

AeroEBT maps the following GitHub user information:

Email: Used as the primary user identifier
Username: GitHub username (login)
Full Name: Extracted from name field (if available)
Profile Picture: Extracted from avatar_url

Organization Access (Optional)

If you want to restrict access to specific GitHub organizations:

In GitHub OAuth app settings, you can configure organization restrictions
Users must be members of specified organizations to authenticate
This is useful for enterprise deployments

Security Considerations

Client Secret Security

Never commit the Client Secret to version control
Store secrets in secure environment variables or secret management systems
Rotate secrets regularly (every 90 days recommended)
Use different credentials for development and production environments

Organization Restrictions

For organization-level security:

Use GitHub organization OAuth apps instead of personal apps
Configure organization-level access controls
Use GitHub's organization verification features

Redirect URI Validation

Ensure that redirect URIs are exactly:

https://[your-instance].ebt.skydynamics.aero/auth/v1/callback

GitHub validates redirect URIs strictly. Do not include trailing slashes or additional parameters.

Advanced Configuration

GitHub Enterprise Server

If you're using GitHub Enterprise Server, configuration differs:

Navigate to your Enterprise Server instance
Go to Site administration > OAuth Applications
Create a new OAuth application
Use your Enterprise Server URL in the callback URL:
- https://[your-instance].ebt.skydynamics.aero/auth/v1/callback

Note: Contact AeroEBT support for Enterprise Server configuration assistance.

Webhook Integration (Optional)

If you want to integrate GitHub webhooks with AeroEBT:

Configure webhook endpoints in AeroEBT
Set up webhook secrets in GitHub
Configure webhook events to listen for
See AeroEBT webhook documentation for details

Troubleshooting

Common Issues

"Redirect URI mismatch" error

Verify the callback URL in GitHub exactly matches: https://[your-instance].ebt.skydynamics.aero/auth/v1/callback
Ensure there are no trailing slashes or typos
Check that the OAuth app is in the correct account/organization

"Application suspended" error

GitHub may suspend OAuth apps that violate terms of service
Verify your OAuth app is not suspended in GitHub settings
Contact GitHub support if suspension appears incorrect

Users cannot sign in

Verify Client ID and Client Secret are correctly entered in AeroEBT
Check that the OAuth app is active in GitHub
Ensure required scopes are granted during authorization

Email not available

Some GitHub users hide their email addresses
AeroEBT will prompt users to provide email if GitHub doesn't share it
Configure email visibility in GitHub user settings

Organization restrictions

If organization restrictions are enabled, verify user membership
Check organization settings in GitHub
Ensure the OAuth app has access to the organization

Debugging Steps

Check browser console: Look for JavaScript errors during redirect
Inspect network requests: Verify OAuth flow is completing
Review GitHub logs: Check OAuth app usage in GitHub settings
Verify credentials: Ensure Client ID and Secret are active and correct
Test with different accounts: Rule out account-specific issues

Rate Limiting

GitHub has rate limits for OAuth applications:

Unauthenticated requests: 60 requests per hour per IP
Authenticated requests: 5,000 requests per hour per OAuth token
Secondary rate limits: May apply during high traffic

If you encounter rate limiting:

Implement request queuing and retry logic
Use authenticated requests when possible
Monitor API usage in GitHub

Best Practices

For Development Teams

Create separate OAuth apps for development, staging, and production
Use environment-specific callback URLs
Document OAuth app ownership and purpose
Regularly review and audit OAuth app usage

For Organizations

Use organization-level OAuth apps for centralized management
Implement organization restrictions for access control
Monitor OAuth app usage through GitHub audit logs
Train team members on OAuth security best practices

Support

For additional assistance with GitHub OAuth configuration, please contact:

Your AeroEBT support representative
Email: support@skydynamics.aero
Documentation: https://docs.ebt.skydynamics.aero

Overview​

Prerequisites​

Step 1: Create a GitHub OAuth App​

For Personal/Organization Accounts​

For GitHub Organizations​

Step 2: Generate Client Secret​

Step 3: Configure OAuth Scopes​

Step 4: Configure GitHub OAuth in AeroEBT​

Step 5: Test GitHub Sign-In​

Configuration Options​

User Information Mapping​

Organization Access (Optional)​

Security Considerations​

Client Secret Security​

Organization Restrictions​

Redirect URI Validation​

Advanced Configuration​

GitHub Enterprise Server​

Webhook Integration (Optional)​

Troubleshooting​

Common Issues​

Debugging Steps​

Rate Limiting​

Best Practices​

For Development Teams​

For Organizations​

Support​