This version of GitHub Enterprise Server was discontinued on 2026-04-23. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

GitHub authentication discovery endpoints

GitHub publishes OAuth 2.0 and OpenID Connect metadata documents.

In this article

Note

The GitHub authentication metadata documents described in this article are in beta and subject to change. While the endpoints may be present on GitHub Enterprise Cloud with data residency and some versions of GitHub Enterprise Server, they contain incorrect information.

GitHub publishes two metadata documents used in the OAuth 2.0 and OpenID Connect protocols:

  • OAuth 2.0 Authorization Server Metadata (RFC 8414): https://github.com/.well-known/oauth-authorization-server/login/oauth
  • OpenID Connect Discovery (OpenID Connect Discovery 1.0): https://github.com/login/oauth/.well-known/openid-configuration

These documents are used to validate tokens issued by GitHub as well as programmatically determine how to sign in a user.

Intended use

These documents are only published for MCP clients using RFC 9728 to discover the OAuth 2.0 endpoints needed to get a token for the GitHub MCP server.

GitHub does not currently implement OpenID Connect in its OAuth flows and does not issue ID tokens for users or apps.

Issuer

The issuer for GitHub.com is https://github.com/login/oauth.

This is the base URL used to find the other documents listed and an important parameter when configuring authentication libraries.

Difference from GitHub Actions tokens

These metadata documents do not apply to the tokens issued for GitHub Actions workflows. GitHub Actions uses a separate dedicated issuer and token profile. For more information about Actions tokens, see OpenID Connect.