diff --git a/conf/app.ini b/conf/app.ini
index c90246005c..575e18a404 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -79,6 +79,7 @@ ENABLED = false
 ENABLED =
 CLIENT_ID = 
 CLIENT_SECRET = 
+SCOPES = https://api.github.com/user
 
 [cache]
 ; Either "memory", "redis", or "memcache", default is "memory"
diff --git a/modules/base/conf.go b/modules/base/conf.go
index ba9c320d77..69df49dc48 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -34,6 +34,7 @@ type Oauther struct {
 	GitHub struct {
 		Enabled                bool
 		ClientId, ClientSecret string
+		Scopes                 string
 	}
 }
 
@@ -263,6 +264,7 @@ func newOauthService() {
 		OauthService.GitHub.Enabled = true
 		OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID")
 		OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET")
+		OauthService.GitHub.Scopes = Cfg.MustValue("oauth.github", "SCOPES")
 		oauths = append(oauths, "GitHub")
 	}
 
diff --git a/web.go b/web.go
index 8d53b9e1bc..b8fa9eb7ae 100644
--- a/web.go
+++ b/web.go
@@ -59,20 +59,16 @@ func runWeb(*cli.Context) {
 	m.Use(middleware.Renderer(middleware.RenderOptions{Funcs: []template.FuncMap{base.TemplateFuncs}}))
 	m.Use(middleware.InitContext())
 
-	scope := "https://api.github.com/user"
-	// m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
-	// m.Use(oauth2.Github(&oauth2.Options{
-	// 	ClientId:     "09383403ff2dc16daaa1",
-	// 	ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
-	// 	RedirectURL:  base.AppUrl + oauth2.PathCallback,
-	// 	Scopes:       []string{scope},
-	// }))
-	m.Use(oauth2.Github(&oauth2.Options{
-		ClientId:     "ba323b44192e65c7c320",
-		ClientSecret: "6818ffed53bea5815bf1a6412d1933f25fa10619",
-		RedirectURL:  base.AppUrl + oauth2.PathCallback[1:],
-		Scopes:       []string{scope},
-	}))
+	if base.OauthService != nil {
+		if base.OauthService.GitHub.Enabled {
+			m.Use(oauth2.Github(&oauth2.Options{
+				ClientId:     base.OauthService.GitHub.ClientId,
+				ClientSecret: base.OauthService.GitHub.ClientSecret,
+				RedirectURL:  base.AppUrl + oauth2.PathCallback[1:],
+				Scopes:       []string{base.OauthService.GitHub.Scopes},
+			}))
+		}
+	}
 
 	reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
 	ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})