Connect middleware which enforces GitHub organization membership for applications


Connect middleware which enforces GitHub organisation membership for applications.

Flat-out responds with HTTP 403 if the authenticated user is not in the specified organisation.

Works for me :)

  • node.js (written under v0.8.x, may work with older)
  • a Connect (or Express, et. al.) application
  • GitHub OAuth middleware in place before this (such as connect_auth_github)

So yes this module does not do the actual wiring up of OAuth authentication. This is more of an authorization add-on for your existing authentication.

If you do not want to use connect_auth_github for some reason, this module is simply expecting that the req object (via Connect) is decorated with a github object containing at least login and token properties.

Dig into the /lib code for more details if you want to use another module for OAuth itself.

Isolated example:

var github_organization_auth = require("connect-github-organization-auth");


    organization: "my-organization"

Example with connect_auth_github with details provided on process.env:

var github_auth = require("connect_auth_github");
var github_organisation_auth = require("connect-github-organisation-auth");


    appId: process.env.GITHUB_APP_ID,
    appSecret: process.env.GITHUB_APP_SECRET,
    callback: process.env.GITHUB_CALLBACK

    organisation: "my-organization"



Feel free to open an issue on GitHub if you find a bug. Better yet, fork it and fix it.