Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
sinatra_auth_github
sinatra_auth_github
A sinatra extension that provides oauth authentication to github. Find out more about enabling your application at github's oauth quickstart.
To test it out on localhost set your callback url to 'http://localhost:9393/auth/github/callback'
The gist of this project is to provide a few things easily:
- authenticate a user against github's oauth service
- provide an easy way to make API requests for the authenticated user
- optionally restrict users to a specific github organization
- optionally restrict users to a specific github team
Installation
% gem install sinatra_auth_github
Running the Example
% gem install bundler
% bundle install
% GITHUB_CLIENT_ID="<from GH>" GITHUB_CLIENT_SECRET="<from GH>" bundle exec rackup -p9393
There's an example app in spec/app.rb.
Example App Functionality
You can simply authenticate via GitHub by hitting http://localhost:9393
You can check organization membership by hitting http://localhost:9393/orgs/github
You can check team membership by hitting http://localhost:9393/teams/42
All unsuccessful authentication requests get sent to the securocat denied page.
API Access
The extension also provides a simple way to access the GitHub API, by providing an authenticated Octokit::Client for the user.
def repos
github_user.api.repositories
end
For more information on API access, refer to the octokit documentation.
Extension Options
:scopes- The OAuth2 scopes you require, Learn More:secret- The client secret that GitHub provides:client_id- The client id that GitHub provides:failure_app- A Sinatra::Base class that has a route for/unauthenticated, Useful for overriding the securocat default page.:callback_url- The path that GitHub posts back to, defaults to/auth/github/callback.
Enterprise Authentication
Under the hood, the warden-github portion is powered by octokit. If you find yourself wanting to connect to a GitHub Enterprise installation you'll need to export two environmental variables.
- OCTOKIT_WEB_ENDPOINT - The web endpoint for OAuth, defaults to https://github.com
- OCTOKIT_API_ENDPOINT - The API endpoint for authenticated requests, defaults to https://api.github.com
FAQs
Unknown package
We found that sinatra_auth_github demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Sep 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025