I integrated OAuth into a Flask app using GitHub as the identity provider. I registered an OAuth application, wired the authorization flow, secured secrets with environment variables, and verified the end-to-end sign-in experience.
(How to Implement OAuth in a Web Application)
Add OAuth login without storing user passwords
Securely handle client secrets and tokens
Provide a clean user experience with clear logout behavior
Document configuration for fast onboarding
Python and Flask basics
A GitHub account and access to Developer Settings
Local run environment
Flask, OAuth client library, GitHub Developer Settings
Environment variable management and HTTPS guidance
1. Registration
Created a GitHub OAuth app with homepage and callback URLs
Captured Client ID and Client Secret and stored them securely
2. App integration
Added an OAuth client to Flask and implemented login, callback, and logout routes
Scoped requests to basic profile and email access to minimize permissions
Stored secrets in environment variables to keep them out of source control
3. Verification
Ran through the full authorization code flow locally
Validated token storage in session and confirmed logout clears session data
4. Hardening
Noted the requirement for HTTPS in production
Rotated secrets and tested failure modes for missing or invalid credentials
5. Documentation
Wrote setup steps, environment variable names, and troubleshooting tips
Included notes on callback URL mismatches and scope errors
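As an added example (not the project's own code), the authorization code flow from steps 1 through 4 written as framework-agnostic Python helpers that a Flask login, callback and logout route would call. It assumes the environment variable names GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET, a dict-like server-side session, and takes an injectable transport so the token exchange can be exercised offline with a constructed reply.

```python
import json
import os
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
SCOPES = "read:user user:email"  # smallest GitHub scopes that give profile + email

def load_credentials(env=os.environ):
    """Read the client credentials from the environment (assumed variable names)."""
    client_id, client_secret = env.get("GITHUB_CLIENT_ID"), env.get("GITHUB_CLIENT_SECRET")
    if not client_id or not client_secret:
        raise RuntimeError("GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET must be set")
    return client_id, client_secret

def begin_login(session, client_id, redirect_uri):
    """Put a fresh random state in the server-side session and build the authorize URL."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = {"client_id": client_id, "redirect_uri": redirect_uri, "scope": SCOPES, "state": state}
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(query)

def _post_form(url, fields):
    """Default transport: POST form fields and ask GitHub to answer in JSON."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode(),
                                 headers={"Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

def finish_login(session, args, client_id, client_secret, redirect_uri, post=_post_form):
    """Validate the callback, exchange the code for a token, store it in the session."""
    expected = session.pop("oauth_state", None)  # one-shot: a state is never reusable
    if not expected or not secrets.compare_digest(expected, args.get("state", "")):
        raise ValueError("state mismatch: rejecting callback (CSRF or stale login)")
    if "error" in args:  # provider-side failure, e.g. the user denied access
        raise ValueError("provider error: " + args["error"])
    reply = post(TOKEN_URL, {"client_id": client_id, "client_secret": client_secret,
                             "code": args.get("code", ""), "redirect_uri": redirect_uri})
    if "access_token" not in reply:  # e.g. bad_verification_code, incorrect_client_credentials
        raise ValueError("token exchange failed: " + reply.get("error", "unknown"))
    session["github_token"] = reply["access_token"]
    return reply["access_token"]

def logout(session):
    """Drop the token and any login state so nothing survives the session."""
    session.clear()
```

In Flask, `flask.session` is the dict-like session these helpers expect, and the real transport runs only when `post` is left at its default.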
Working OAuth login with GitHub as the provider
Clean separation of secrets from code
Clear setup guide that others can follow
OAuth integration and session handling
Secure configuration and secret management
User authentication design