- Notifications
You must be signed in to change notification settings - Fork5
GitHub API Basic authentication for browsers and Node.js
License
octokit/auth-basic.js
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Authentication using a username and password has been deprecated by GitHub on February 14, 2020.
It will be removed entirely on November 13, 2020. Brownouts are scheduled for September 30, 2020 and October 28, 2020.
See theofficial deprecation announcement for more details.
GitHub API Basic authentication for browsers and Node.js
@octokit/auth-basic is implementing one ofGitHub’s authentication strategies: authenticating using username and password.
- Usage
createBasicAuth()optionsauth()optionsauth()resultauth.hook(request, route, options)orauth.hook(request, options)- Implementation details
- License
| Browsers | Load <scripttype="module">import{createBasicAuth}from"https://cdn.skypack.dev/@octokit/auth-basic";</script> |
|---|---|
| Node | Install with const{ createBasicAuth}=require("@octokit/auth-basic");// or: import { createBasicAuth } from "@octokit/auth-basic"; |
Get token or basic authentication using theauth() method.
constauth=createBasicAuth({username:"octocat",password:"secret",asyncon2Fa(){// prompt user for the one-time password retrieved via SMS or authenticator appreturnprompt("Two-factor authentication Code:");},});consttokenAuthentication=awaitauth({type:"token",});constbasicAuthentication=awaitauth({type:"basic",});
Authenticaterequest usingauth.hook()
const{ hook}=createBasicAuth({username:"octocat",password:"secret",asyncon2Fa(){// prompt user for the one-time password retrieved via SMS or authenticator appreturnprompt("Two-factor authentication Code:");},});constrequestWithAuth=request.defaults({request:{ hook}});constauthorizations=awaitrequestWithAuth("GET /authorizations");
All strategy options
constauth=createBasicAuth({username:"octocat",password:"secret",asyncon2Fa(){returnprompt("Two-factor authentication Code:");},token:{note:"octokit 2019-04-03 abc4567",scopes:[],noteUrl:"https://github.com/octokit/auth.js#basic-auth",fingerprint:"abc4567",clientId:"1234567890abcdef1234",clientSecret:"1234567890abcdef1234567890abcdef12345678",},request:request.defaults({baseUrl:"https://ghe.my-company.com/api/v3",}),});
| name | type | description |
|---|---|---|
username | string | Required. Username of the account to login with. |
password | string | Required. Password of the account to login with. |
on2Fa | function | Required. If the user hastwo-factor authentication (2FA) enabled, theon2Fa method will be called and expected to return a time-based one-time password (TOTP) which the user retrieves either via SMS or an authenticator app, based on their account settings. You can pass an empty function if you are certain the account has 2FA disabled.Alias: on2fa |
token | object | An object matching"Create a new authorization" parameters, but camelCased. |
token.note | string | A note to remind you what the OAuth token is for. Personal access tokens must have a unique note. Attempting to create a token with with an existing note results in a409 conflict error.Defaults to "octokit <timestamp><fingerprint>", where<timestamp> has the formatYYYY-MM-DD and<fingerprint> is a random string. Example: "octokit 2019-04-03 abc4567". |
token.scopes | array of strings | A list of scopes that this authorization is in. Seeavailable scopes Defaults to an empty array |
token.noteUrl | string | A URL to remind you what app the OAuth token is for. Defaults to "https://github.com/octokit/auth-basic.js#readme" |
token.fingerprint | string | A unique string to distinguish an authorization from others created for the same client ID and user. Defaults to a random string |
token.clientId | string | The 20 character OAuth app client key for which to create the token. |
token.clientSecret | string | The 40 character OAuth app client secret for which to create the token. Note: do not share an OAuth app’s client secret with an untrusted client such as a website or native app. |
request | function | You can pass in your own@octokit/request instance. For usage with enterprise, setbaseUrl to the hostname +/api/v3. Example:const{ request}=require("@octokit/request");createAppAuth({clientId:123,clientSecret:"secret",request:request.defaults({baseUrl:"https://ghe.my-company.com/api/v3",}),}); |
| name | type | description |
|---|---|---|
type | string | Either"basic" or"token". Defaults to"token". |
refresh | boolean | If set totrue, a new token is created and cached. Only relevent iftype is set to"token".Defaults to false. |
There are three possible results that the asyncauth() method can resolve to
- A personal access token authentication
auth({type: 'token'})andbasic.token.clientId/basic.token.clientSecretnot passed as strategy options. - An OAuth access token authentication
auth({type: 'token'})andbasic.token.clientId/basic.token.clientSecretpassed as strategy options. - Basic authentication
auth({type: 'basic'})
| name | type | description |
|---|---|---|
type | string | "token" |
tokenType | string | "pat" |
token | string | The personal access token |
id | number | Database ID of token |
username | string | Username of authenticated user |
scopes | array of strings | array of scope names |
| name | type | description |
|---|---|---|
type | string | "token" |
tokenType | string | "oauth" |
token | string | The oauth access token |
username | string | Username of authenticated user |
id | number | Database ID of token |
appClientId | number | OAuth application’s client ID |
scopes | array of strings | array of scope names |
| name | type | description |
|---|---|---|
type | string | "basic" |
username | string | The decoded username |
password | string | The decoded password |
credentials | string | base64-encoded string that can be used inAuthorization header. |
totp | string | The time-based one-time password returned byoptions.on2Fa(). Only present if 2Fa authentication is enabled for the account. |
auth.hook() hooks directly into the request life cycle. It authenticates the request using either basic authentication or a token based on the request URL and handles two-factor authentication with request retries.
Therequest option is an instance of@octokit/request. Theroute/options parameters are the same as for therequest() method.
auth.hook() can be called directly to send an authenticated request
const{data:authorizations}=awaitauth.hook(request,"GET /authorizations");
Or it can be passed as option torequest().
constrequestWithAuth=request.defaults({request:{hook:auth.hook,},});const{data:authorizations}=awaitrequestWithAuth("GET /authorizations");
Theon2Fa() method passed as strategy option is (re-)called as needed.request() method
GitHub recommends to use basic authentication only for managingpersonal access tokens. By default, theauth.hook() method implements this best practice and retrieves a personal access token to authenticate requests. All personal access tokens must have a uniquenote /fingerprint. Theauth() method is setting a defaults that are always different to avoid conflicts. But if you set a customtoken.note option,fingerprint is not set to a random string by default in order to avoid multiple tokens with the same note.
Some endpoint however do require basic authentication, such asList your authorizations orDelete an authorization. Theauth.hook() method is setting the correct authorization automatically based on the request URL.
There is a special case if the user enabledtwo-factor authentication with SMS as method, because an SMS with the time-based one-time password (TOTP) will only be sent if a request is made to one of these endpoints
POST /authorizations- Create a new authorizationPUT /authorizations/clients/:client_id- Get-or-create an authorization for a specific appPUT /authorizations/clients/:client_id/:fingerprint- Get-or-create an authorization for a specific app and fingerprintPATCH /authorizations/:authorization_id- Update an existing authorization
To guarantee the TOTP delivery via SMS,auth.hook() is sending an additional request which has no other effect.
About
GitHub API Basic authentication for browsers and Node.js
Topics
Resources
License
Code of conduct
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Contributors6
Uh oh!
There was an error while loading.Please reload this page.