Skip to main content
Version: 3.1.0-Beta 🚧

GitHub Single Sign-on Configuration

To enable GitHub Single Sign-on (SSO) for your ToolJet instance, follow these steps:

  1. From the ToolJet dashboard, go to Settings (⚙️) from the bottom of the left sidebar and select the Workspace Settings.

  2. In the Workspace Settings, select Workspace login from the sidebar. On the right, you'll see toggles to enable SSO via different clients. All the client toggles are disabled by default. After turning it on, a modal will appear with input fields for parameters such as Host name, Client ID, and Client secret. At the top left of the modal, there is a toggle to enable this modal. Turn it on, and then, without entering any parameters, click on the Save changes button. This will generate a Redirect URL that you will need to utilize in the GitHub Developer settings.

    GitHub SSO
  3. Now go to the GitHub Developer settings and navigate to OAuth Apps and create a new OAuth App.

  • Enter the App Name, Homepage URL, and Authorization callback URL. The Authorization callback URL should be the generated Redirect URL in the ToolJet GitHub manage SSO page. Click on the Register application button to create the OAuth App.

    GitHub SSO
  • The Client ID will be generated automatically.

  • Generate the Client Secret by clicking the Generate a new client secret button.

    GitHub SSO
  1. Open the ToolJet's GitHub SSO settings and enter the obtained Client ID and Client Secret.
GitHub SSO
  1. If you are using GitHub Enterprise self-hosted, enter the Host Name. The host name should be a URL and should not end with /, for example, https://github.tooljet.com. If it is not self-hosted, you can skip this field.

  2. Finally, click on the Save changes button and the GitHub sign-in button will now be available in your ToolJet login screen.

  3. Obtain the Login URL from the General Settings of the SSO page.

Setting Default SSO

To set GitHub as the default SSO for the instance, use the following environment variables:

Variable
Description
SSO_GIT_OAUTH2_CLIENT_IDGitHub OAuth client ID
SSO_GIT_OAUTH2_CLIENT_SECRETGitHub OAuth client secret
SSO_GIT_OAUTH2_HOSTGitHub OAuth host name if GitHub is self-hosted

Redirect URL should be <host>/sso/git

Exposed ssoUserInfo

Once the GitHub SSO is configured (on ToolJet version 2.28.0-ee2.12.2 or above), ToolJet will expose the user info returned by the GitHub. The user info will be available under the ssoUserInfo property of the currentUser global variable. Check the Inspector doc to learn more.

The exposed user info can be dynamically accessed throughout the apps using JS {{globals.currentUser.ssoUserInfo.<key>}}

The following is an example of the user info returned by GitHub:

Key
Description
Syntax to Access
loginGitHub username{{globals.currentUser.ssoUserInfo.login}}
idGitHub user ID{{globals.currentUser.ssoUserInfo.id}}
node_idGitHub user node ID{{globals.currentUser.ssoUserInfo.node_id}}
avatar_urlGitHub user avatar URL{{globals.currentUser.ssoUserInfo.avatar_url}}
gravatar_idGitHub user gravatar ID{{globals.currentUser.ssoUserInfo.gravatar_id}}
urlGitHub user URL{{globals.currentUser.ssoUserInfo.url}}
html_urlGitHub user HTML URL{{globals.currentUser.ssoUserInfo.html_url}}
followers_urlGitHub user followers URL{{globals.currentUser.ssoUserInfo.followers_url}}
following_urlGitHub user following URL{{globals.currentUser.ssoUserInfo.following_url}}
gists_urlGitHub user gists URL{{globals.currentUser.ssoUserInfo.gists_url}}
starred_urlGitHub user starred URL{{globals.currentUser.ssoUserInfo.starred_url}}
subscriptions_urlGitHub user subscriptions URL{{globals.currentUser.ssoUserInfo.subscriptions_url}}
organizations_urlGitHub user organizations URL{{globals.currentUser.ssoUserInfo.organizations_url}}
repos_urlGitHub user repos URL{{globals.currentUser.ssoUserInfo.repos_url}}
events_urlGitHub user events URL{{globals.currentUser.ssoUserInfo.events_url}}
received_events_urlGitHub user received events URL{{globals.currentUser.ssoUserInfo.received_events_url}}
typeGitHub user type{{globals.currentUser.ssoUserInfo.type}}
site_adminGitHub user site admin{{globals.currentUser.ssoUserInfo.site_admin}}
nameGitHub user name{{globals.currentUser.ssoUserInfo.name}}
companyGitHub user company{{globals.currentUser.ssoUserInfo.company}}
blogGitHub user blog{{globals.currentUser.ssoUserInfo.blog}}
locationGitHub user location{{globals.currentUser.ssoUserInfo.location}}
emailGitHub user email{{globals.currentUser.ssoUserInfo.email}}
hireableGitHub user hireable{{globals.currentUser.ssoUserInfo.hireable}}
bioGitHub user bio{{globals.currentUser.ssoUserInfo.bio}}
twitter_usernameGitHub user twitter username{{globals.currentUser.ssoUserInfo.twitter_username}}
public_reposGitHub user public repos{{globals.currentUser.ssoUserInfo.public_repos}}
public_gistsGitHub user public gists{{globals.currentUser.ssoUserInfo.public_gists}}
followersGitHub user followers{{globals.currentUser.ssoUserInfo.followers}}
followingGitHub user following{{globals.currentUser.ssoUserInfo.following}}
created_atGitHub user created at{{globals.currentUser.ssoUserInfo.created_at}}
updated_atGitHub user updated at{{globals.currentUser.ssoUserInfo.updated_at}}
access_tokenGitHub user access token. Sensitive information of a logged-in user.{{globals.currentUser.ssoUserInfo.access_token}}
GitHub SSO

Example: Getting User Information Using the access_token

Once a user is logged in to ToolJet using GitHub SSO, the access token of the user becomes available. This access token can be utilized within ToolJet apps to retrieve detailed user information from the GitHub API.

  1. Log in to ToolJet using GitHub Single Sign-on as outlined in the previous setup steps.

  2. Create a new ToolJet application and then create new REST API query. Set the method to GET and the URL to https://api.github.com/user/followers. This API call will return the list of followers for the logged-in GitHub user.

  3. In the Headers section of the query, include the key Authorization and set the value to Bearer {{globals.currentUser.ssoUserInfo.access_token}}. This will pass the user's GitHub access token as a Bearer token in the request header.

  4. Execute the query to fetch the list of followers for the logged-in user. The response will contain the list of followers for the authenticated GitHub user.

GitHub SSO