My tools.simonwillison.net site is a growing collection of small HTML and JavaScript applications hosted as static files on GitHub Pages. Many of thos

GitHub OAuth for a static site using Cloudflare Workers

submited by
Style Pass
2024-11-29 11:00:04

My tools.simonwillison.net site is a growing collection of small HTML and JavaScript applications hosted as static files on GitHub Pages.

Many of those tools take advantage of external APIs such as those provided by OpenAI and Anthropic and Google Gemini, thanks to the increasingly common access-control-allow-origin: * CORS header.

To do that, I needed to implement OAuth: redirecting users to GitHub to request permission to access their data and then storing an access token in their browser's localStorage to be used by JavaScript running on my site.

There is just one catch: it currently isn't possible to implement GitHub OAuth entirely from the client, because that API depends on a secret that must be held server-side and cannot be exposed.

This morning, I had an idea: my tools site is hosted by GitHub Pages, but it's served via my Cloudflare account for the simonwillison.net domain.

Could I spin up a tiny Cloudflare Workers server-side script implementing GitHub OAuth and add it to a path on that tools subdomain?

Leave a Comment