Overview

OAuth authorization is strongly recommended for production application.

OAuth is a protocol that lets external apps request authorization to private details in a user's GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.

All developers need to register their application before getting started. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared. You may create a personal access token for your own use or implement the web flow below to allow other users to authorize your application.

GitHub's OAuth implementation supports the standard authorization code grant type. Developers should implement the web application flow described below to obtain an authorization code and then exchange it for a token. (The implicit grant type is not supported.)

Useful Links

• GitHub oAuth for ASP.NET
• OAuth official GitHub API
• OAuth Wikipedia