OathWall

GitHub Login in Unity (OAuth, no backend)

The Oathwall Team3 min read

GitHub login makes sense for a specific kind of project: a dev tool, a game jam entry, a modding hub, or a game whose players live in developer communities. They already have a GitHub account, so it's a one-tap sign-in. This guide sets it up with OAuth, no backend, and covers the email quirk that surprises people — GitHub often hands you nothing where you expected an address.

When GitHub login is the right call

GitHub isn't a mainstream consumer identity like Google. Its audience is developers. So it shines for tools and games aimed at that crowd — a level editor, a jam submission portal, a modding platform, an open-source game's companion app. If your players are shipping code anyway, "Sign in with GitHub" feels native. For a broad consumer title, reach for Google or Apple instead, and keep GitHub as a secondary option.

Step 1: Register a GitHub OAuth app

  1. Go to GitHub → Settings → Developer settings → OAuth Apps and click New OAuth App (github.com/settings/developers).
  2. Fill in the app name and homepage URL.
  3. Set the Authorization callback URL to exactly:
https://sso.oathwall.com/auth/callback
  1. Create the app, then generate a client secret. Copy both the Client ID and the Client Secret — GitHub shows the secret once.

Step 2: Paste your credentials into Oathwall

In the Oathwall dashboard, add GitHub as a provider and paste the Client ID and Client Secret. The secret lives server-side from here on; the token exchange runs on Oathwall's servers, so nothing sensitive ships in your build. Oathwall requests the read:user and user:email scopes — both read-only, no repository access.

Step 3: Wire it up in Unity

Same base class, same single call as every other provider:

using PixitGames.SSOLoginKit;

public class LoginManager : SsoClientBase
{
    // read:user + user:email scopes. No repo access,
    // no client secret in the build.
    public void OnGitHubButton() => StartLogin("github");

    protected override void OnLoginSuccess(LoginResult user)
    {
        // user.email may be null if the account hides it.
        LinkPlayer(user.id, user.name);
    }
}

StartLogin("github") opens GitHub's authorization page in the system browser. Oathwall exchanges the code and reads the profile — user.id is GitHub's numeric account id, user.name falls back to the login handle when the display name is empty, and user.email is the primary verified address when one exists.

The gotchas worth knowing

The email is often hidden. GitHub users can set their email to private, and many do. The public profile then returns no address at all. That's why Oathwall requests user:email and reads GitHub's /user/emails endpoint to find the primary, verified one. Even so, an account with no verified email comes back with user.email as null — so write for that case and key player records on the stable user.id, the same discipline Discord and Steam push you toward.

Name falls back to the login. Plenty of developers never set a display name. When that happens, user.name is the GitHub handle (the @login) rather than a real name. Fine for a label; still not an identity.

It's a niche login, on purpose. Offering GitHub next to Google or Apple is the usual pattern — GitHub for the dev crowd, a mainstream provider for everyone else. The Unity authentication guide shows several providers sharing one login class, and OAuth 2.0 explained covers the flow underneath the button.

Oathwall is available on the Unity Asset Store, and its free plan is enough to wire up and test GitHub login before you ship.

Frequently asked questions

Why does GitHub login return a null email?
GitHub lets users keep their email private, so the public profile often has no address. Oathwall requests the user:email scope and reads the /user/emails endpoint to find the primary, verified address. If the user has no verified email, it comes back null — so handle that case and lean on the stable account id.
Do I ship a GitHub client secret in my Unity build?
No. The client secret is stored server-side in the Oathwall dashboard and used for the token exchange on Oathwall's servers. Your build only carries the public appKey.
Is GitHub login a good fit for a game?
It fits developer-facing tools, game jams, modding platforms, and open-source or dev-community games, where players already have a GitHub account. For a general consumer game, Google or Apple usually reaches more players.
What scopes does GitHub login use?
read:user for the profile and user:email to read the verified primary email. These are minimal, read-only scopes — no repo or write access is requested.