Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

GitHub API token authentication for browsers and Node.js

License

NotificationsYou must be signed in to change notification settings

octokit/auth-token.js

Repository files navigation

GitHub API token authentication for browsers and Node.js

@latestBuild Status

@octokit/auth-token is the simplest ofGitHub’s authentication strategies.

It is useful if you want to support multiple authentication strategies, as it’s API is compatible with its sibling packages forbasic,GitHub App andOAuth app authentication.

Usage

Browsers

Load@octokit/auth-token directly fromesm.sh

<scripttype="module">import{createTokenAuth}from"https://esm.sh/@octokit/auth-token";</script>
Node

Install withnpm install @octokit/auth-token

import{createTokenAuth}from"@octokit/auth-token";
constauth=createTokenAuth("ghp_PersonalAccessToken01245678900000000");constauthentication=awaitauth();// {//   type: 'token',//   token: 'ghp_PersonalAccessToken01245678900000000',//   tokenType: 'oauth'// }

createTokenAuth(token) options

ThecreateTokenAuth method accepts a single argument of type string, which is the token. The passed token can be one of the following:

Examples

// Personal access token or OAuth access tokencreateTokenAuth("ghp_PersonalAccessToken01245678900000000");// {//   type: 'token',//   token: 'ghp_PersonalAccessToken01245678900000000',//   tokenType: 'oauth'// }// Installation access token or GitHub Action tokencreateTokenAuth("ghs_InstallallationOrActionToken00000000");// {//   type: 'token',//   token: 'ghs_InstallallationOrActionToken00000000',//   tokenType: 'installation'// }// Installation access token or GitHub Action tokencreateTokenAuth("ghu_InstallationUserToServer000000000000");// {//   type: 'token',//   token: 'ghu_InstallationUserToServer000000000000',//   tokenType: 'user-to-server'// }

auth()

Theauth() method has no options. It returns a promise which resolves with the the authentication object.

Authentication object

name type description
typestring"token"
tokenstring The provided token.
tokenTypestring Can be either"oauth" for personal access tokens and OAuth tokens,"installation" for installation access tokens (includesGITHUB_TOKEN provided to GitHub Actions),"app" for a GitHub App JSON Web Token, or"user-to-server" for a user authentication token through an app installation.

auth.hook(request, route, options) or auth.hook(request, options)

auth.hook() hooks directly into the request life cycle. It authenticates the request using the provided token.

Therequest option is an instance of@octokit/request. Theroute/options parameters are the same as for therequest() method.

auth.hook() can be called directly to send an authenticated request

const{data:authorizations}=awaitauth.hook(request,"GET /authorizations",);

Or it can be passed as option torequest().

constrequestWithAuth=request.defaults({request:{hook:auth.hook,},});const{data:authorizations}=awaitrequestWithAuth("GET /authorizations");

Find more information

auth() does not send any requests, it only transforms the provided token string into an authentication object.

Here is a list of things you can do to retrieve further information

Find out what scopes are enabled for oauth tokens

Note that this does not work for installations. There is no way to retrieve permissions based on an installation access tokens.

constTOKEN="ghp_PersonalAccessToken01245678900000000";constauth=createTokenAuth(TOKEN);constauthentication=awaitauth();constresponse=awaitrequest("HEAD /");constscopes=response.headers["x-oauth-scopes"].split(/,\s+/);if(scopes.length){console.log(`"${TOKEN}" has${scopes.length} scopes enabled:${scopes.join(", ")}`,);}else{console.log(`"${TOKEN}" has no scopes enabled`);}

Find out if token is a personal access token or if it belongs to an OAuth app

constTOKEN="ghp_PersonalAccessToken01245678900000000";constauth=createTokenAuth(TOKEN);constauthentication=awaitauth();constresponse=awaitrequest("HEAD /");constclientId=response.headers["x-oauth-client-id"];if(clientId){console.log(`"${token}" is an OAuth token, its app’s client_id is${clientId}.`,);}else{console.log(`"${token}" is a personal access token`);}

Find out what permissions are enabled for a repository

Note that thepermissions key is not set when authenticated using an installation access token.

constTOKEN="ghp_PersonalAccessToken01245678900000000";constauth=createTokenAuth(TOKEN);constauthentication=awaitauth();constresponse=awaitrequest("GET /repos/{owner}/{repo}",{owner:"octocat",repo:"hello-world",});console.log(response.data.permissions);// {//   admin: true,//   push: true,//   pull: true// }

Use token for git operations

Both OAuth and installation access tokens can be used for git operations. However, when using with an installation,the token must be prefixed withx-access-token.

This example is using theexeca package to run agit push command.

constTOKEN="ghp_PersonalAccessToken01245678900000000";constauth=createTokenAuth(TOKEN);const{ token, tokenType}=awaitauth();consttokenWithPrefix=tokenType==="installation" ?`x-access-token:${token}` :token;constrepositoryUrl=`https://${tokenWithPrefix}@github.com/octocat/hello-world.git`;const{ stdout}=awaitexeca("git",["push",repositoryUrl]);console.log(stdout);

License

MIT

About

GitHub API token authentication for browsers and Node.js

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Packages

No packages published

Contributors18

[8]ページ先頭
©2009-2025 Movatter.jp