GitHub OAuth
This page is roadmap documentation only. It should not be treated as a working setup guide for the current branch.
Current status
- No built-in GitHub OAuth flow is shipped here
- No login, callback, or session endpoints are available on this branch
- The public configuration API for this feature is still pending implementation
What to use today
For production protection today, use Cloudflare Access. That is the only documented auth flow that matches the current code.
Planned use case
The intended direction is team login through GitHub accounts, but the final configuration shape, callback handling, and session model are not part of the current codebase yet.
Dev Branch Preview
On the dev branch, GitHub OAuth is configured through the oauth() provider:
// dev branch preview only
import { oauth } from '@conloca/content-api/node';
auth: {
provider: oauth({
github: {
clientId: process.env.GITHUB_CLIENT_ID,
clientSecret: process.env.GITHUB_CLIENT_SECRET,
},
sessionSecret: process.env.SESSION_SECRET,
}),
roles: {
admin: ['lead@company.com'],
editor: ['*@company.com'],
},
}
The current dev implementation also adds /__cms/auth/login and /__cms/auth/callback routes plus signed session
cookies.
Next steps
- Getting Started — Set up your first Conloca site
- Cloudflare Access — Current production-ready protection
- Docker deployment — Deploy with Docker Compose