Oauth - GitHub OAuth Provider (Web Flow + Deep Link) #3337

@coderabbitai

Problem

GitHub OAuth via browser with CSRF state and deep-link callback is not implemented.

Scope

Implement GitHubOAuthProvider to:

  • Generate and store state
  • Launch external browser authorize URL
  • Return null (the code arrives via deep link handler)

Approach

Use url_launcher and shared_preferences.

Dependencies

  • Blocked By:
  • Blocks:

Files to Modify/Create

  • talawa/lib/services/oauth/providers/github_oauth_provider.dart

Acceptance Criteria

  • All existing functionality must be maintained
  • Implementation must ensure no breaking changes when PR is merged

Testing Requirements

  • All tests must pass successfully
  • Code coverage must be >= 96%

Sample Code

This sample code is only representative of what could be done. It is provided only to give a general outline. You will need to use your initiative and industry best practices to find a solution that is suitable for the application.

// talawa/lib/services/oauth/providers/github_oauth_provider.dart
import 'dart:convert';
import 'dart:math';

import 'package:url_launcher/url_launcher.dart';
import 'package:shared_preferences/shared_preferences.dart';
import '../../oauth_provider.dart';

class GitHubOAuthProviderImpl implements OAuthProvider {
  @override
  String get providerName => "GITHUB";

  // 32 bytes from the platform CSPRNG, base64url-encoded, used as the CSRF state.
  Future<String> _genState() async {
    final rng = Random.secure();
    final b = List<int>.generate(32, (_) => rng.nextInt(256));
    return base64UrlEncode(b);
  }

  @override
  Future<String?> authorize() async {
    final prefs = await SharedPreferences.getInstance();
    final state = await _genState();
    // Persist the state so the deep-link handler can compare it on callback.
    await prefs.setString('gh_oauth_state', state);
    final clientId = const String.fromEnvironment('GITHUB_CLIENT_ID', defaultValue: '');
    final redirect = const String.fromEnvironment('GITHUB_REDIRECT_URI', defaultValue: 'talawa://oauth/callback');
    final uri = Uri.https("github.com", "/login/oauth/authorize", {
      "client_id": clientId,
      "redirect_uri": redirect,
      "scope": "user:email",
      "state": state,
    });
    await launchUrl(uri, mode: LaunchMode.externalApplication);
    // The authorization code arrives later via the deep-link handler.
    return null;
  }
}
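
Added example, not part of the issue or of the Talawa code base: the sample above stores the state, and this sketch shows one way the deep-link side could check and consume it. It is plain Dart; `StateStore`, `handleCallback` and `constantTimeEquals` are hypothetical names, the in-memory store stands in for shared_preferences, and the URIs and values in `main` are constructed samples.

```dart
// Hypothetical stand-in for shared_preferences so this runs with `dart run`.
class StateStore {
  final Map<String, String> _kv = {};
  void put(String k, String v) => _kv[k] = v;
  // Read and delete in one step so a state value can be redeemed only once.
  String? take(String k) => _kv.remove(k);
}

// Compare without returning early on the first differing character.
bool constantTimeEquals(String a, String b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

/// Returns the authorization code, or null if the callback must be rejected.
String? handleCallback(Uri link, StateStore store) {
  // Accept only the redirect URI used in the authorize request.
  if (link.scheme != 'talawa' || link.host != 'oauth' || link.path != '/callback') {
    return null;
  }
  // The stored state is consumed on every attempt, including failed ones.
  final expected = store.take('gh_oauth_state');
  final got = link.queryParameters['state'];
  final code = link.queryParameters['code'];
  if (expected == null || got == null || code == null || code.isEmpty) return null;
  if (!constantTimeEquals(expected, got)) return null;
  return code;
}

void main() {
  final store = StateStore();
  // Constructed sample values, not real GitHub output.
  const state = 'c3RhdGUtc2FtcGxl';
  final good = Uri.parse('talawa://oauth/callback?code=abc123&state=$state');
  final forged = Uri.parse('talawa://oauth/callback?code=zzz999&state=guess');

  store.put('gh_oauth_state', state);
  print(handleCallback(forged, store)); // state does not match the stored one
  store.put('gh_oauth_state', state);
  print(handleCallback(good, store)); // matching state
  print(handleCallback(good, store)); // same link again, state already consumed
}
```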

Labels

  • dart: Pull requests that update Dart code
  • security: Security fix