OAuth user authentication without exposing client secret

License

NotificationsYou must be signed in to change notification settings

octokit/auth-oauth-user-client.js
Backend service

auth-oauth-user-client.js requires a backend service to function; the browser-side client never holds the client secret. `@octokit/oauth-app` provides compatible Node.js/Express.js/Cloudflare Worker middlewares that support auth-oauth-user-client.js.

Standalone usage

Browsers

Load `@octokit/auth-oauth-user-client` directly from cdn.skypack.dev:

```html
<script type="module">
  import { createOAuthUserClientAuth } from "https://cdn.skypack.dev/@octokit/auth-oauth-user-client";
</script>
```

Node

Install with `npm install @octokit/auth-oauth-user-client`:

```js
const {
  createOAuthUserClientAuth,
} = require("@octokit/auth-oauth-user-client");

const auth = createOAuthUserClientAuth({
  clientId: "clientId123",
  clientType: "github-app", // defaults to `"oauth-app"`
  expirationEnabled: true, // defaults to `true` for GitHub App, `false` for OAuth App
});

// Get token from local session. Returns `null` when the `code` or `state` search
// parameter is missing and no session can be fetched from `localStorage`
// (https://developer.mozilla.org/en-US/docs/Web/API/Window/localStorage).
const session = await auth({ type: "getToken" });

// Use the `signIn` command to redirect to GitHub when the user is not signed in.
if (!session) await auth({ type: "signIn" });
// `token` can be retrieved from a non-null `session`.
else console.log(session.authentication.token);
```

Usage with Octokit

Browsers

Load `@octokit/auth-oauth-user-client` and `@octokit/core` (or a core-compatible module) directly from cdn.skypack.dev:

```html
<script type="module">
  import { Octokit } from "https://cdn.skypack.dev/@octokit/core";
  import { createOAuthUserClientAuth } from "https://cdn.skypack.dev/@octokit/auth-oauth-user-client";
</script>
```

Node

Install with `npm install @octokit/core @octokit/auth-oauth-user-client`. Optionally replace `@octokit/core` with a compatible module.

```js
const { Octokit } = require("@octokit/core");
const {
  createOAuthUserClientAuth,
} = require("@octokit/auth-oauth-user-client");

const octokit = new Octokit({
  authStrategy: createOAuthUserClientAuth,
  auth: {
    clientId: "clientId123",
    clientType: "github-app", // defaults to `"oauth-app"`
    expirationEnabled: true, // defaults to `true` for GitHub App, `false` for OAuth App
  },
});

const session = await octokit.auth();

// Use the `signIn` command to redirect to GitHub when the user is not signed in.
if (!session) await octokit.auth({ type: "signIn" });
// Make GitHub API requests.
else {
  const { data } = await octokit.request("GET /user");
  console.log(data);
}
```

`createOAuthUserClientAuth(options)` or `new Octokit({auth})`

The `createOAuthUserClientAuth` method accepts a single `options` object as argument:

| name | type | description |
| --- | --- | --- |
| `clientId` | `string` | **Required.** Find Client ID on the app's about page in settings. |
| `clientType` | `string` | Either `"oauth-app"` or `"github-app"`. Defaults to `"oauth-app"`. |
| `expirationEnabled` | `boolean` | Defaults to `true` for GitHub App, `false` for OAuth App. |
| `session` | `object` | Initial session, defaults to `null`. See session object. |
| `defaultScopes` | `string` | Only relevant for OAuth App. See available scopes. |
| `serviceOrigin` | `string` | Defaults to `location.origin`. Required only when the `@octokit/oauth-app` Node.js/Express.js/Cloudflare middleware is deployed at a different origin. |
| `servicePathPrefix` | `string` | Defaults to `"/api/github/oauth"`. Required only when the `@octokit/oauth-app` Node.js/Express.js/Cloudflare middleware is created with a custom `pathPrefix`. |
| `sessionStore` | `object` or `false` | Custom store to get/set the session object, `false` to disable session persistence. See custom store. |
| `stateStore` | `object` or `false` | Custom store to get/set the state string, `false` to disable state persistence. |
| `request` | `function` | You can pass in your own `@octokit/request` instance. For usage with enterprise, set `baseUrl` to the API root endpoint. See custom request. |

Custom store

By default, auth-oauth-user-client.js uses `localStorage` to store the JSON-serialized session object and state string.

Pass `sessionStore` or `stateStore` in `createOAuthUserClientAuth(options)` (or `new Octokit({auth})`) to use your own code to persist the session or state.

For example:

```js
const sessionStore = {
  get: async () => {
    /* return local session or `null` when there is no session */
  },
  set: async (session) => {
    if (session == null) {
      /* delete local session */
    } else {
      /* create or update local session */
    }
  },
};

const auth = createOAuthUserClientAuth({ clientId: "clientId123", sessionStore });
```
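The skeleton above leaves the bodies empty. The following is an added example, not code from the octokit project: a small factory that builds a `sessionStore` or `stateStore` with the `get`/`set` contract above on top of any Web-Storage-like backend (`getItem`/`setItem`/`removeItem`). It uses a constructed in-memory backend so it runs under Node; in a page you would hand it `window.sessionStorage` when you want the token to live only for the tab rather than in `localStorage`. A `validate` callback (my addition) rejects entries that do not look like what was stored, and unparseable JSON is dropped instead of thrown, so a corrupted entry cannot wedge sign-in.

```javascript
// Added example (not part of @octokit/auth-oauth-user-client): a store factory
// over any Web-Storage-like backend, following the README's get/set contract:
// get() resolves to the stored value or null; set(null) deletes, set(value) upserts.

// Constructed in-memory backend so the example runs without a browser.
// Swap in window.sessionStorage / window.localStorage in a real page.
function createMemoryStorage() {
  const items = new Map();
  return {
    getItem: (key) => (items.has(key) ? items.get(key) : null),
    setItem: (key, value) => { items.set(key, String(value)); },
    removeItem: (key) => { items.delete(key); },
  };
}

// Read and JSON-parse one key. A malformed entry is removed and treated as
// "no value" so a corrupted store entry cannot block the sign-in flow.
function readJson(backend, key) {
  const raw = backend.getItem(key);
  if (raw === null || raw === undefined) return null;
  try {
    return JSON.parse(raw);
  } catch {
    backend.removeItem(key);
    return null;
  }
}

// Write a value as JSON, or delete the key when value is null/undefined.
function writeJson(backend, key, value) {
  if (value == null) backend.removeItem(key);
  else backend.setItem(key, JSON.stringify(value));
}

// Build an object with the async get/set shape the library expects.
// `validate` (an assumption of this example) lets the caller reject entries
// that do not have the expected shape; rejected entries are removed.
function createStore(backend, key, validate = () => true) {
  return {
    get: async () => {
      const value = readJson(backend, key);
      if (value === null) return null;
      if (!validate(value)) {
        backend.removeItem(key);
        return null;
      }
      return value;
    },
    set: async (value) => {
      writeJson(backend, key, value);
    },
  };
}

// A session is only usable if it carries an authentication.token (README session object).
const isSession = (s) =>
  typeof s === "object" && s !== null &&
  typeof s.authentication === "object" && s.authentication !== null &&
  typeof s.authentication.token === "string";

// Usage: keep the session and the OAuth `state` string in separate backends/keys.
const sessionStore = createStore(createMemoryStorage(), "octokit-session", isSession);
const stateStore = createStore(createMemoryStorage(), "octokit-state", (s) => typeof s === "string");
// createOAuthUserClientAuth({ clientId: "clientId123", sessionStore, stateStore });
```

Because `set` does its work synchronously before returning its promise, a caller can rely on the write being visible as soon as the call returns; `get` is where the validation and cleanup happen, so a stale or tampered entry is discarded the first time the library asks for it.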

Custom request

```js
const { request } = require("@octokit/request");
const { createOAuthUserClientAuth } = require("@octokit/auth-oauth-user-client");

const auth = createOAuthUserClientAuth({
  clientId: "1234567890abcdef1234",
  // Point the request instance at the GitHub Enterprise Server API root.
  request: request.defaults({
    baseUrl: "https://ghe.my-company.com/api/v3",
  }),
});
```

auth(command)

The async `auth()` method returned by `createOAuthUserClientAuth(options)` accepts the following commands:

| Command | `{type: }` | Optional Arguments |
| --- | --- | --- |
| Sign in | `"signIn"` | `login: "user"`, `allowSignup: false`, `scopes: ["repo"]` (only relevant for OAuth Apps) |
| Get (local) token | `"getToken"` | |
| Create an app token | `"createToken"` | |
| Check a token | `"checkToken"` | |
| Create a scoped access token (for OAuth App) | `"createScopedToken"` | |
| Reset a token | `"resetToken"` | |
| Renew a user token with a refresh token (for GitHub App with token expiration enabled) | `"refreshToken"` | |
| Delete an app token (sign out) | `"deleteToken"` | `offline: true` (only deletes the session from the local session store) |
| Delete an app authorization | `"deleteAuthorization"` | |

Session object

The async `auth(command)` method resolves to an object with the following properties:

| property | type | description |
| --- | --- | --- |
| `authentication` | `object` | See authentication object |

Authentication object

There are three possible types of authentication object:

  1. OAuth App authentication token
  2. GitHub App user authentication token with token expiration disabled
  3. GitHub App user authentication token with token expiration enabled

The differences are:

  1. `scopes` is only present for OAuth Apps
  2. `refreshToken`, `expiresAt`, `refreshTokenExpiresAt` are only present for GitHub Apps, and only if token expiration is enabled

OAuth App authentication token

| name | type | description |
| --- | --- | --- |
| `type` | `string` | `"token"` |
| `tokenType` | `string` | `"oauth"` |
| `clientType` | `string` | `"oauth-app"` |
| `clientId` | `string` | The `clientId` from the strategy options |
| `token` | `string` | The user access token |
| `scopes` | `array of strings` | Array of scope names enabled for the token |

GitHub App user authentication token with token expiration disabled

| name | type | description |
| --- | --- | --- |
| `type` | `string` | `"token"` |
| `tokenType` | `string` | `"oauth"` |
| `clientType` | `string` | `"github-app"` |
| `clientId` | `string` | The `clientId` from the strategy options |
| `token` | `string` | The user access token |

GitHub App user authentication token with token expiration enabled

| name | type | description |
| --- | --- | --- |
| `type` | `string` | `"token"` |
| `tokenType` | `string` | `"oauth"` |
| `clientType` | `string` | `"github-app"` |
| `clientId` | `string` | The `clientId` from the strategy options |
| `token` | `string` | The user access token |
| `refreshToken` | `string` | The refresh token |
| `expiresAt` | `string` | Date timestamp in ISO 8601 standard. Example: `2022-01-01T08:00:00.000Z` |
| `refreshTokenExpiresAt` | `string` | Date timestamp in ISO 8601 standard. Example: `2022-01-01T08:00:00.000Z` |
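The command table and the expiring-token authentication object together define a small lifecycle: a session may be missing, valid, expired-but-refreshable, or fully expired. The following added example (mine, not the octokit project's code) turns a stored session into the ordered list of `auth(command)` calls to make next, using only the fields documented above. The `ensureSession` helper that runs the plan against a real `auth()` is an assumption about how you would wire it; the 60-second clock skew margin is my choice, and the sample sessions are constructed.

```javascript
// Added example (not part of @octokit/auth-oauth-user-client): decide which
// auth(command) calls to make next from a stored session object.

// Treat a token that expires within this window as already expired, so a
// request started now does not fail mid-flight (assumption: 60 s is enough).
const CLOCK_SKEW_MS = 60 * 1000;

// Returns true when the ISO 8601 timestamp `iso` is still in the future relative
// to `now` plus the skew margin. Unparseable timestamps fail closed (not valid).
function stillValid(iso, now) {
  if (typeof iso !== "string") return false;
  const ts = Date.parse(iso);
  return Number.isFinite(ts) && ts > now.getTime() + CLOCK_SKEW_MS;
}

// Build the ordered list of commands to run. An empty list means the local
// session is usable as-is.
function plan(session, now = new Date()) {
  const a = session && session.authentication;
  if (!a || typeof a.token !== "string") {
    return [{ type: "signIn" }];
  }
  // No expiresAt: OAuth App token, or GitHub App with expiration disabled.
  if (a.expiresAt === undefined) return [];

  if (stillValid(a.expiresAt, now)) return [];

  // Access token expired: refresh while the refresh token is still valid.
  if (a.refreshToken && stillValid(a.refreshTokenExpiresAt, now)) {
    return [{ type: "refreshToken" }];
  }
  // Both expired: drop only the stale local session (offline: true, per the
  // command table) and start a fresh sign-in.
  return [{ type: "deleteToken", offline: true }, { type: "signIn" }];
}

// Run the plan against a real auth() function (assumed wiring; signIn redirects
// the browser and does not return a session).
async function ensureSession(auth, now = new Date()) {
  let session = await auth({ type: "getToken" });
  for (const command of plan(session, now)) {
    session = await auth(command);
  }
  return session;
}

// Constructed sample session in the shape of the table above.
const sampleSession = {
  authentication: {
    type: "token",
    tokenType: "oauth",
    clientType: "github-app",
    clientId: "clientId123",
    token: "ghu_constructed_example",
    refreshToken: "ghr_constructed_example",
    expiresAt: "2022-01-01T08:00:00.000Z",
    refreshTokenExpiresAt: "2022-06-30T08:00:00.000Z",
  },
};

module.exports = { plan, ensureSession, stillValid, CLOCK_SKEW_MS, sampleSession };
```

Injecting `now` keeps the decision deterministic in tests and makes it easy to see that a token expiring inside the skew window is already routed to `refreshToken`. Failing closed on an unparseable timestamp means a tampered or truncated session entry leads to a fresh sign-in rather than to a request made with a token of unknown validity.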

auth.hook(request, route, parameters) or auth.hook(request, options)

`auth.hook()` hooks directly into the request life cycle. It amends the request to authenticate correctly based on the request URL.

The `request` option is an instance of `@octokit/request`. The `route`/`options` parameters are the same as for the `request()` method.

`auth.hook()` can be called directly to send an authenticated request:

```js
const { data: user } = await auth.hook(request, "GET /user");
```

Or it can be passed as an option to `request()`:

```js
const requestWithAuth = request.defaults({ request: { hook: auth.hook } });
const { data: user } = await requestWithAuth("GET /user");
```

Contributing

See CONTRIBUTING.md

License

MIT
