This setup uses GitHub OAuth directly - one click, done.
✅ Simple - Just GitHub OAuth, no complex layers ✅ Secure - Email validation restricts access ✅ Automatic - OAuth tokens refresh automatically ✅ Works with organization repos - As long as you have write access
- Go to: https://github.com/settings/developers (your personal account settings)
- Click "New OAuth App"
- Fill in:
- Application name:
Datalogics Documentation Studio - Homepage URL:
https://dev.datalogics.com(your production domain) - Authorization callback URL:
https://dev.datalogics.com/__nuxt_studio/auth/github
- Application name:
- Click "Register application"
Add a second callback URL:
- Go to your OAuth app settings
- Add:
http://localhost:3000/__nuxt_studio/auth/github
After creating the OAuth app:
- Client ID - You'll see this immediately (copy it)
- Client Secret - Click "Generate a new client secret" and copy it immediately (you won't see it again!)
- Go to Netlify Dashboard → Site settings → Environment variables
- Add these variables:
| Key | Value | Notes |
|---|---|---|
STUDIO_GITHUB_CLIENT_ID |
<your_client_id> |
From Step 2 |
STUDIO_GITHUB_CLIENT_SECRET |
<your_client_secret> |
From Step 2 |
STUDIO_GITHUB_MODERATORS |
your@email.com |
Required - Comma-separated list of authorized emails |
This is your access control! This restricts who can access Nuxt Studio.
- If set: Only users with matching email addresses can access Studio UI
- If not set: ANY GitHub user who authenticates can access Studio (dangerous!)
CRITICAL: Set this to restrict Studio access to authorized users only:
STUDIO_GITHUB_MODERATORS=admin1@datalogics.com,admin2@datalogics.comHow Access Control Works:
STUDIO_GITHUB_MODERATORS→ Controls who can access Studio UI- Repository write access → Controls who can actually publish changes
- Both must be satisfied: User must be in moderators list AND have write access to publish
Important: Environment variables only apply to new deployments!
- Trigger a new deployment:
- Push a commit, or
- Netlify Dashboard → Deploys → Trigger deploy → Deploy site
- Navigate to
https://dev.datalogics.com/studio/login - Click "Login with GitHub"
- Authorize the app on GitHub
- Your email will be validated against
STUDIO_GITHUB_MODERATORS - If authorized, Studio should now be active!
1. User visits /studio/login
↓
2. Clicks "Login with GitHub"
↓
3. Redirected to GitHub for authorization
↓
4. GitHub redirects back with OAuth code
↓
5. Studio exchanges code for OAuth token → Token stored in session
↓
6. Email validated against STUDIO_GITHUB_MODERATORS
↓
7. If authorized → Studio activated
↓
8. OAuth token automatically used for Git operations
Key Points:
- One click - Direct GitHub OAuth, no extra steps
- Email validation - Only authorized emails can access
- Automatic Git access - OAuth token used for publishing
- OAuth token refreshes automatically - No expiration issues!
- Check
STUDIO_GITHUB_MODERATORS- your email must be in the list - Verify you've authorized the OAuth app on GitHub
- Verify you have write access to
datalogics/datalogics-documentation-site - Check that OAuth app requested
reposcope (should be automatic) - Check Netlify function logs for errors
- Make sure callback URL in OAuth app matches exactly:
https://dev.datalogics.com/__nuxt_studio/auth/github - Check for trailing slashes, http vs https, etc.