Appearance

Updating visuals

If you see any images containing outdated UI, please bear with us.

We are updating all content as quickly as possible to mirror our new UI.

GitHub authentication

GitHub lets your users sign in with the GitHub account they already use for code and projects. You create a GitHub OAuth app in your GitHub settings, set one Authorization callback URL to WeWeb’s callback route, then paste the app’s Client ID and Client secret into WeWeb so you can offer “Continue with GitHub” in your sign-in flows.

GitHub’s own guide for this flow is Creating an OAuth app.

What this integration supports

  • Let users sign in with their GitHub account through a standard GitHub OAuth app.
  • Work with the Sign in with social provider action in your interface workflows.
  • Use the same WeWeb Users, Roles, protected pages, and protected API rules as any other sign-in method.
  • Send users to different pages after sign in, after an error, or on first sign in.

Setup in GitHub

You can register an OAuth app under your personal account or under an organization where you have admin access. Use only information you are comfortable treating as public in the app name, homepage, and description (see GitHub’s warnings in their docs).

1. Create the OAuth app

  1. On GitHub, open your profile menu → Settings for a personal OAuth app (for an app owned by an organization, open the organization, then Settings).
  2. In the left sidebar, open Developer settings.
  3. Click OAuth apps, then New OAuth App (if you have not created one before, the button may be labeled Register a new application).
  4. Fill in the form:
    • Application name, A name for your app.
    • Homepage URL, The full URL of your product or site (GitHub requires a full https:// URL).
    • Optionally, Application description, short text users may see.
    • Authorization callback URL, Set this to WeWeb’s callback for the environment you are configuring (see the next section). You must use the exact URL WeWeb uses for that environment.
  5. Only enable Enable Device Flow if you know you need the device flow; typical WeWeb web sign-in does not require it. See GitHub’s Authorizing OAuth apps if you use it.
  6. Click Register application.

2. Authorization callback URL and WeWeb

WeWeb finishes the OAuth exchange at a fixed path on your app’s origin:

https://<origin>/api/auth/callback/github

Important: a GitHub OAuth app allows only one Authorization callback URL per app. GitHub documents that unlike GitHub Apps, OAuth apps cannot list multiple callback URLs. So you pick one environment per OAuth app and set the callback to match that origin:

If users sign in fromSet Authorization callback URL to
WeWeb editorhttps://<your-project-id>-editor.weweb.io/api/auth/callback/github
Published apphttps://your-domain.com/api/auth/callback/github
Preview or staginghttps://your-preview-domain.com/api/auth/callback/github

To support more than one environment (for example editor and production), create a separate OAuth app in GitHub for each, with its own single callback URL, Client ID, and Client secret, and place the matching credentials in WeWeb for the Editor and Production (or other) environments where you configure social providers. You can create and manage each app from Developer settingsOAuth apps.

FULL URLS MATTER

Use https:// and the full path ending in /api/auth/callback/github. A typo here is the most common cause of redirect errors after you click “Sign in with GitHub”.

3. Copy the Client ID and Client secret

  1. After you register, GitHub opens the OAuth app’s settings page. You can return to it anytime from Developer settingsOAuth apps → your app.
  2. Copy the Client ID.
  3. Click Generate a new client secret, then copy the Client secret right away (GitHub may only show it once).

If you rotate the secret, update the value in WeWeb wherever you stored it.

Connect GitHub in WeWeb

With your OAuth app credentials ready, connect the provider in WeWeb.

  1. In the WeWeb editor, open Data & API → Authentication → SSO Providers.
  2. Find the GitHub provider section and expand it.
  3. Turn on the Enable toggle for GitHub.
  4. Paste your values:
    • Client ID, From your OAuth app page.
    • Client Secret, From the same OAuth app (after you generate it).
  5. Save your changes.

Use the OAuth app whose callback URL matches how you are testing (editor preview domain vs published domain). If you use different apps per environment, enter the credentials that match each environment in WeWeb’s settings for that mode.

GITHUB CALLBACK URL VS SUCCESS PAGE

The value you put in GitHub is always WeWeb’s route: https://<your-origin>/api/auth/callback/github.

The Success page, Error page, and New user page in the Sign in with social provider action are separate. They control where users land after that callback completes inside your app.

Test sign in

After saving the provider configuration, test end to end.

  1. In the editor, add a button or link to your interface.
  2. Attach a workflow with the Sign in with social provider interface action.
  3. In the action options:
    • Set Provider to github.
    • Choose a Success page for where users should land after sign in.
    • Choose an Error page for where users should go if sign in fails.
    • Optionally choose a New user page if you want to route first-time users differently.
  4. Preview your project and click the button.
  5. Complete the GitHub sign-in flow with a test GitHub account.
  6. Confirm that you are redirected to the correct page in your app and authenticated as the expected user.

For how sessions, roles, and page protection work once a user is signed in, see Using authentication in WeWeb ->.

Common pitfalls

Redirect URI or callback URL mismatch

If GitHub shows an error about the redirect or callback URL, the Authorization callback URL on your OAuth app does not match the origin WeWeb is using for that test.

  • Confirm the URL is exactly: https://<origin>/api/auth/callback/github for that environment’s origin.
  • If you changed preview domains or custom domains, update the OAuth app (open your app and change Authorization callback URL, or use another OAuth app whose callback matches the new origin).

Only one callback URL on an OAuth app

You cannot add several callback URLs to a single GitHub OAuth app. If sign in should work in the editor and on a live domain, create two OAuth apps (one callback each) and wire the right Client ID / Client secret per environment in WeWeb.

Using the success page as the GitHub callback

The Success page in Sign in with social provider is not what you paste into GitHub.

  • GitHub needs the fixed WeWeb callback URL: https://<origin>/api/auth/callback/github.
  • The action’s page settings only decide where the user goes after sign-in completes.

Sensitive information in the OAuth app form

GitHub warns against putting internal-only URLs or secrets in the application name, homepage, or public fields. Prefer stable public-facing URLs and names.

Reference

WeWeb settings reference

SettingDescriptionWhere to find it in GitHub
EnableTurns GitHub sign in on for your WeWeb project.Not used in GitHub; enable in WeWeb after you finish GitHub setup.
Client IDIdentifies your OAuth app to GitHub.SettingsDeveloper settingsOAuth apps → your app.
Client SecretSecret used when completing the OAuth exchange.Same OAuth app page → Generate a new client secret.

GitHub fields to prepare

GitHub fieldWhat to enter
Homepage URLA public site or product URL (full https:// URL).
Authorization callback URLExactly one WeWeb callback: https://<origin>/api/auth/callback/github for the environment this OAuth app is for.

FAQs

Which callback URL should I put in GitHub?

Use https://<origin>/api/auth/callback/github, where <origin> is the place users actually run sign-in, for example your editor project host or your live domain. That is separate from the Success page you choose in the sign-in action.

Why do I need more than one OAuth app?

A GitHub OAuth app only accepts one authorization callback URL. If you need GitHub sign-in from both the WeWeb editor and your published app (different origins), create one OAuth app per origin and use the matching client credentials in each WeWeb environment.

Is the success page the same as the GitHub callback URL?

No. The GitHub callback URL always ends with /api/auth/callback/github. The success page is a page in your WeWeb app where you send users after sign-in finishes.

Can I use GitHub sign in and email/password together?

Yes. You can enable multiple providers and let users choose how to sign in.

Where can I read GitHub’s official steps?

See Creating an OAuth app on GitHub Docs. For context on OAuth apps vs GitHub Apps, see Differences between GitHub Apps and OAuth apps.

CONTINUE LEARNING

After GitHub sign in is working, the next step is deciding what authenticated users can access.

Managing roles ->