🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

vercel-github-oauth-proxy

Package Overview
Dependencies
Maintainers
1
Versions
13
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

vercel-github-oauth-proxy

Protect a static website hosted on Vercel behind GitHub authentication.

latest
Source
npmnpm
Version
1.2.6
Version published
Maintainers
1
Created
Source

▲🔐 Vercel GitHub OAuth Proxy

Protect a static website hosted on Vercel behind GitHub authentication.

Version License Issues

Setup

Step 1 — Add the library

yarn add vercel-github-oauth-proxy

Step 2 — Create an API endpoint at /api/index.ts

import { createLambdaProxyAuthHandler } from "vercel-github-oauth-proxy"

export default createLambdaProxyAuthHandler(config)

config.cryptoSecret

This is used to sign cookies.

config.staticDir

The output directory of the static website.

config.githubOrgName

The GitHub organization users need to be part of in order to be able to sign in.

You cannot use your personal GitHub account for this, you need an organization.

config.githubClientId config.githubClientSecret

The id/secret pair of your GitHub OAuth app.

Create a new OAuth app at https://github.com/organizations/{config.githubOrgName}/settings/applications/new

config.githubOrgAdminToken

Create a token with read:org permission at https://github.com/settings/tokens.

The reason you need a token is that private org memberships can only be determined by making an authenticated API request.

We could request read:org scope during the OAuth flow and then use each user's access token to determine org membership, but using this method means the user additionally needs to request org access during or after the login flow and requires an org admin to confirm. This makes this approach inconvenient for both the users and the admin.

Therefore we're using a separate org admin token to verify membership during login (org admins can see all users).

Step 3 — Create a vercel.json

{
  "version": 2,
  "routes": [{ "src": "/(.*)", "dest": "/api/index.ts" }],
  "functions": {
    "api/index.ts": {
      "includeFiles": "static/**"
    }
  }
}

This routes all traffic through the lambda endpoint.

Adapt includeFiles to your public output folder. Including these files is required because the static website needs to be deployed as part of the lambda function, not the default build. See also these docs:

Step 4 — Build

If you have an existing build script, rename it to vercel-build to build your website as part of the lambda build instead of the normal build.

Make sure to not keep the build script as it would result in duplicate work or may break deployment entirely. For more information see custom-build-step-for-node-js.

{
  "scripts": {
    "vercel-build": "your website build command"
  }
}

Local development

To develop locally, run

yarn vercel dev

When developing locally, you'll need to update your GitHub OAuth app's redirect URL to http://localhost:3000.

Keywords

vercel
github
oauth
proxy
static
website

FAQs

Package last updated on 19 Sep 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Security News

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.

By Sarah Gooding  -  Dec 12, 2025