GitHub auth provider
The GitHub auth provider enables tools and agents to call GitHub APIs on behalf of a user. Behind the scenes, the Arcade Engine and the GitHub auth provider seamlessly manage GitHub OAuth 2.0 authorization for your users.
Want to quickly get started with GitHub in your agent or AI app? The pre-built Arcade GitHub toolkit is what you want!
What’s documented here
This page describes how to use and configure GitHub auth with Arcade.
This auth provider is used by:
- The Arcade GitHub toolkit, which provides pre-built tools for interacting with GitHub
- Your app code that needs to call the GitHub API
- Or, your custom tools that need to call the GitHub API
Configuring GitHub auth
In a production environment, you will most likely want to use your own GitHub app credentials. This way, your users will see your application’s name requesting permission.
You can use your own GitHub credentials in both the Arcade Cloud and in a self-hosted Arcade Engine instance.
Before showing how to configure your GitHub app credentials, let’s go through the steps to create a GitHub app.
Create a GitHub app
- Follow GitHub’s guide to registering a GitHub app
- Choose the permissions you need for your app
- At a minimum, you must enable read-only access to the Account > Email addresses permission
- To access repo data, you must enable at least the Repository > Contents permission
- Set the redirect URL to:
https://cloud.arcade.dev/api/v1/oauth/callback - Leave “Request user authorization (OAuth) during installation” unchecked
- Leave “Setup URL” blank and “Redirect on update” unchecked
- Ensure Optional features > User-to-server token expiration is enabled
- Copy the client ID and generate a client secret to use below
If you need to access private repositories in an organization, you must also:
- Make the app public via Advanced > Make public
- Add the app to the organization via Install app
Next, add the GitHub app to your Arcade Engine configuration. You can do this in the Arcade Dashboard, or by editing the engine.yaml file directly (for a self-hosted instance).
Configuring your own GitHub Auth Provider in Arcade
There are two ways to configure your GitHub app credentials in Arcade:
- From the Arcade Dashboard GUI
- By editing the
engine.yamlfile directly (for a self-hosted Arcade Engine)
We show both options step-by-step below.
Configure GitHub Auth Using the Arcade Dashboard GUI
Access the Arcade Dashboard
To access the Arcade Cloud dashboard, go to api.arcade.dev/dashboard. If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard. Adjust the host and port number to match your environment.
Navigate to the OAuth Providers page
- Under the OAuth section of the Arcade Dashboard left-side menu, click Providers.
- Click Add OAuth Provider in the top right corner.
- Select the Included Providers tab at the top.
- In the Provider dropdown, select GitHub.
Enter the provider details
- Choose a unique ID for your provider (e.g. “my-github-provider”).
- Optionally enter a Description.
- Enter the Client ID and Client Secret from your GitHub app.
Create the provider
Hit the Create button and the provider will be ready to be used in the Arcade Engine.
When you use tools that require GitHub auth using your Arcade account credentials, the Arcade Engine will automatically use this GitHub OAuth provider. If you have multiple GitHub providers, see using multiple auth providers of the same type for more information.
Using GitHub auth in app code
Use the GitHub auth provider in your own agents and AI apps to get a user token for the GitHub API. See authorizing agents with Arcade to understand how this works.
Use client.auth.start() to get a user token for the GitHub API:
import requests
from arcadepy import Arcade
client = Arcade() # Automatically finds the `ARCADE_API_KEY` env variable
user_id = "user@example.com"
"""
In this example, we will use Arcade to authenticate with GitHub and retrieve
the number of stargazers of the ArcadeAI/arcade-ai repository.
There is a tool for that in the Arcade SDK, which simplifies the process for
you to interact with GitHub either through our Python or JavaScript SDKs or via
LLM tool calling.
Below we are just showing how to use Arcade as an auth provider, if you ever
need to.
"""
# Start the authorization process
auth_response = client.auth.start(
user_id=user_id,
provider="github",
)
if auth_response.status != "completed":
print("Please complete the authorization challenge in your browser:")
print(auth_response.url)
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
if not auth_response.context.token:
raise ValueError("No token found in auth response")
token = auth_response.context.token
owner = "ArcadeAI"
name = "arcade-ai"
headers = {
"Accept": "application/vnd.github+json",
"Authorization": f"Bearer {token}",
"X-GitHub-Api-Version": "2022-11-28",
}
url = f"https://api.github.com/repos/{owner}/{name}"
response = requests.get(url, headers=headers)
response.raise_for_status()
print(response.json().get("stargazers_count"))Using GitHub auth in custom tools
You can use the pre-built Arcade GitHub toolkit to quickly build agents and AI apps that interact with GitHub.
If the pre-built tools in the GitHub toolkit don’t meet your needs, you can author your own custom tools that interact with the GitHub API.
Use the GitHub() auth class to specify that a tool requires authorization with GitHub. The context.authorization.token field will be automatically populated with the user’s GitHub token:
from typing import Annotated
import httpx
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import GitHub
@tool(requires_auth=GitHub())
async def count_stargazers(
context: ToolContext,
owner: Annotated[str, "The owner of the repository"],
name: Annotated[str, "The name of the repository"],
) -> Annotated[int, "The number of stargazers (stars) for the specified repository"]:
"""Count the number of stargazers (stars) for a GitHub repository."""
if not context.authorization or not context.authorization.token:
raise ValueError("No token found in context")
headers = {
"Accept": "application/vnd.github+json",
"Authorization": f"Bearer {context.authorization.token}",
"X-GitHub-Api-Version": "2022-11-28",
}
url = f"https://api.github.com/repos/{owner}/{name}"
async with httpx.AsyncClient() as client:
response = await client.get(url, headers=headers)
response.raise_for_status()
return response.json().get("stargazers_count", 0)