29f53fd3a4
* new topics * update diagram * more writing and sidebar entries * fix file name * more link fixes * fix header level * Optimised images with calibre/image-actions * rewrite stuff Signed-off-by: Jens Langhammer <jens@goauthentik.io> * reorganize more Signed-off-by: Jens Langhammer <jens@goauthentik.io> * messed w/ diagram and added 3 categories * fixed anchor * removed whole line * add link * more rearrangements * more content * edits * more polishes, rest of Jens' knowledge dump * more content * tweaks * tweak * argh * synch with main * tweaks to test merge * cleanup * offline_access * polish --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tana@goauthentik.com> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
1.2 KiB
1.2 KiB
title
| title |
|---|
| GitHub compatibility |
The OAuth2 provider also exposes a GitHub-compatible endpoint. This endpoint can be used by applications, which support authenticating against GitHub Enterprise, but not generic OpenID Connect.
To use any of the GitHub Compatibility scopes, you have to use the GitHub Compatibility Endpoints.
| Endpoint | URL |
|---|---|
| Authorization | /login/oauth/authorize |
| Token | /login/oauth/access_token |
| User Info | /user |
| User Teams Info | /user/teams |
To access the user's email address, a scope of user:email is required. To access their groups, read:org is required. Because these scopes are handled by a different endpoint, they are not customisable as a Scope Mapping.
Special scopes for GitHub compatibility
user: No-op, is accepted for compatibility but does not give access to any resourcesread:user: Same as aboveuser:email: Allows read-only access to/user, including email addressread:org: Allows read-only access to/user/teams, listing all the user's groups as teams.