| +Browsers + | + +⚠️ `@octokit/auth-app` is not meant for usage in the browser. A private key and client secret must not be exposed to users. + +The private keys provided by GitHub are in `PKCS#1` format, but the WebCrypto API only supports `PKCS#8`. You need to convert it first: + +```shell +openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.key +``` + +The OAuth APIs to create user-to-server tokens cannot be used because they do not have CORS enabled. + +If you know what you are doing, load `@octokit/auth-app` directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| +Node + |
+
+Install with npm install @octokit/auth-app
+
+```js
+const { createAppAuth } = require("@octokit/auth-app");
+// or: import { createAppAuth } from "@octokit/auth-app";
+```
+
+ |
| + +Browsers + + | + +⚠️ `@octokit/auth-app` is not meant for usage in the browser. A private key and client secret must not be exposed to users. + +The private keys provided by GitHub are in `PKCS#1` format, but the WebCrypto API only supports `PKCS#8`. You need to convert it first: + +```shell +openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.key +``` + +The OAuth APIs to create user-to-server tokens cannot be used because they do not have CORS enabled. + +If you know what you are doing, load `@octokit/auth-app` and `@octokit/core` (or a compatible module) directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/core @octokit/auth-app`. Optionally replace `@octokit/core` with a compatible module + +```js +const { Octokit } = require("@octokit/core"); +const { createAppAuth, createOAuthUserAuth } = require("@octokit/auth-app"); +``` + + |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ appId
+ |
+
+ number
+ |
+ + Required. Find App ID on the app’s about page in settings. + | +
+ privateKey
+ |
+
+ string
+ |
+
+ Required. Content of the *.pem file you downloaded from the app’s about page. You can generate a new private key if needed.
+ |
+
+ installationId
+ |
+
+ number
+ |
+
+ Default installationId to be used when calling auth({ type: "installation" }).
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + The client ID of the GitHub App. + | +
+ clientSecret
+ |
+
+ string
+ |
+ + A client secret for the GitHub App. + | +
+ request
+ |
+
+ function
+ |
+ + +Automatically set to `octokit.request` when using with an `Octokit` constructor. + +For standalone usage, you can pass in your own [`@octokit/request`](https://github.com/octokit/request.js) instance. For usage with enterprise, set `baseUrl` to the hostname + `/api/v3`. Example: + +```js +const { request } = require("@octokit/request"); +createAppAuth({ + appId: 1, + privateKey: "-----BEGIN PRIVATE KEY-----\n...", + request: request.defaults({ + baseUrl: "https://ghe.my-company.com/api/v3", + }), +}); +``` + + |
+ cache
+ |
+
+ object
+ |
+
+ Installation tokens expire after an hour. By default, @octokit/auth-app is caching up to 15000 tokens simultaneously using lru-cache. You can pass your own cache implementation by passing options.cache.{get,set} to the constructor. Example:
+
+```js
+const CACHE = {};
+createAppAuth({
+ appId: 1,
+ privateKey: "-----BEGIN PRIVATE KEY-----\n...",
+ cache: {
+ async get(key) {
+ return CACHE[key];
+ },
+ async set(key, value) {
+ CACHE[key] = value;
+ },
+ },
+});
+```
+
+ |
+ log
+ |
+
+ object
+ |
+
+ You can pass in your preferred logging tool by passing option.log to the constructor. If you would like to make the log level configurable using an environment variable or external option, we recommend the console-log-level package. For example:
+
+```js
+createAppAuth({
+ appId: 1,
+ privateKey: "-----BEGIN PRIVATE KEY-----\n...",
+ log: require("console-log-level")({ level: "info" }),
+});
+```
+
+ |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be either "app".
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be either "oauth-app".
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be "installation".
+ |
+
+ installationId
+ |
+
+ number
+ |
+
+ Required unless a default installationId was passed to createAppAuth(). ID of installation to retrieve authentication for.
+ |
+
+ repositoryIds
+ |
+
+ array of numbers
+ |
+
+ The id of the repositories that the installation token can access. Also known as a databaseID when querying the repository object in GitHub's GraphQL API. This option is **(recommended)** over repositoryNames when needing to limit the scope of the access token, due to repositoryNames having the possibility of changing. Additionally, you should only include either repositoryIds or repositoryNames, but not both.
+ |
+
+ repositoryNames
+ |
+
+ array of strings
+ |
+
+ The name of the repositories that the installation token can access. As mentioned in the repositoryIds description, you should only include either repositoryIds or repositoryNames, but not both.
+ |
+
+ permissions
+ |
+
+ object
+ |
+ + The permissions granted to the access token. The permissions object includes the permission names and their access type. For a complete list of permissions and allowable values, see GitHub App permissions. + | +
+ factory
+ |
+
+ function
+ |
+ + +The `auth({type: "installation", installationId, factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. + +For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: + +```js +const appAuth = createAppAuth({ + appId: 1, + privateKey: "-----BEGIN PRIVATE KEY-----\n...", +}); + +const installationAuth123 = await appAuth({ + type: "installation", + installationId: 123, + factory: createAppAuth, +}); +``` + + | +
+ refresh
+ |
+
+ boolean
+ |
+ + +Installation tokens expire after one hour. By default, tokens are cached and returned from cache until expired. To bypass and update a cached token for the given `installationId`, set `refresh` to `true`. + +Defaults to `false`. + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be "oauth-user".
+ |
+
+ factory
+ |
+
+ function
+ |
+ + +The `auth({type: "oauth-user", factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. + +For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: + +```js +const { + createAppAuth, + createOAuthUserAuth, +} = require("@octokit/auth-oauth-app"); + +const appAuth = createAppAuth({ + appId: 1, + privateKey: "-----BEGIN PRIVATE KEY-----\n...", + clientId: "lv1.1234567890abcdef", + clientSecret: "1234567890abcdef1234567890abcdef12345678", +}); + +const userAuth = await appAuth({ + type: "oauth-user", + code, + factory: createOAuthUserAuth, +}); + +// will create token upon first call, then cache authentication for successive calls, +// until token needs to be refreshed (if enabled for the GitHub App) +const authentication = await userAuth(); +``` + + | +
+ code
+ |
+
+ string
+ |
+
+ The authorization code which was passed as query parameter to the callback URL from the OAuth web application flow.
+ |
+
+ redirectUrl
+ |
+
+ string
+ |
+ + The URL in your application where users are sent after authorization. See redirect urls. + | +
+ state
+ |
+
+ string
+ |
+ + The unguessable random string you provided in Step 1 of the OAuth web application flow. + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be "oauth-user".
+ |
+
+ onVerification
+ |
+
+ function
+ |
+ + +**Required**. A function that is called once the device and user codes were retrieved. + +The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. + +```js +const auth = auth({ + type: "oauth-user", + onVerification(verification) { + console.log("Open %s", verification.verification_uri); + console.log("Enter code: %s", verification.user_code); + await prompt("press enter when you are ready to continue"); + }, +}); +``` + + | +
+ factory
+ |
+
+ function
+ |
+ + +The `auth({type: "oauth-user", factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. + +For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: + +```js +const { + createAppAuth, + createOAuthUserAuth, +} = require("@octokit/auth-oauth-app"); + +const appAuth = createAppAuth({ + appId: 1, + privateKey: "-----BEGIN PRIVATE KEY-----\n...", + clientId: "lv1.1234567890abcdef", + clientSecret: "1234567890abcdef1234567890abcdef12345678", +}); + +const userAuth = await appAuth({ + type: "oauth-user", + code, + factory: createOAuthUserAuth, +}); + +// will create token upon first call, then cache authentication for successive calls, +// until token needs to be refreshed (if enabled for the GitHub App) +const authentication = await userAuth(); +``` + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "app"
+ |
+
+ token
+ |
+
+ string
+ |
+ + The JSON Web Token (JWT) to authenticate as the app. + | +
+ appId
+ |
+
+ number
+ |
+ + GitHub App database ID. + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Timestamp in UTC format, e.g. "2018-07-07T00:09:30.000Z". A Date object can be created using new Date(authentication.expiresAt).
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "oauth-app"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + The client ID as passed to the constructor. + | +
+ clientSecret
+ |
+
+ string
+ |
+ + The client secret as passed to the constructor. + | +
+ headers
+ |
+
+ object
+ |
+
+ { authorization }.
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ token
+ |
+
+ string
+ |
+ + The installation access token. + | +
+ tokenType
+ |
+
+ string
+ |
+
+ "installation"
+ |
+
+ installationId
+ |
+
+ number
+ |
+ + Installation database ID. + | +
+ createdAt
+ |
+
+ string
+ |
+
+ Timestamp in UTC format, e.g. "2018-07-07T00:00:00.000Z". A Date object can be created using new Date(authentication.expiresAt).
+ |
+
+ expiresAt
+ |
+
+ string
+ |
+
+ Timestamp in UTC format, e.g. "2018-07-07T00:59:00.000Z". A Date object can be created using new Date(authentication.expiresAt).
+ |
+
+ repositoryIds
+ |
+
+ array of numbers
+ |
+
+ Only present if repositoryIds option passed to auth(options).
+ |
+
+ repositoryNames
+ |
+
+ array of strings
+ |
+
+ Only present if repositoryNames option passed to auth(options).
+ |
+
+ permissions
+ |
+
+ object
+ |
+
+ An object where keys are the permission name and the value is either "read" or "write". See the list of all GitHub App Permissions.
+ |
+
+ singleFileName
+ |
+
+ string
+ |
+
+ If the single file permission is enabled, the singleFileName property is set to the path of the accessible file.
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+ + One of the app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+ + One of the app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ refreshToken
+ |
+
+ string
+ |
+ + The refresh token + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
| +Browsers + | + +⚠️ `@octokit/auth-oauth-app` is not meant for usage in the browser. The OAuth APIs to create tokens do not have CORS enabled, and a client secret must not be exposed to the client. + +If you know what you are doing, load `@octokit/auth-oauth-app` directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| +Node + |
+
+Install with npm install @octokit/auth-oauth-app
+
+```js
+const { createOAuthAppAuth } = require("@octokit/auth-oauth-app");
+// or: import { createOAuthAppAuth } from "@octokit/auth-oauth-app";
+```
+
+ |
| + +Browsers + + | + +⚠️ `@octokit/auth-oauth-app` is not meant for usage in the browser. The OAuth APIs to create tokens do not have CORS enabled, and a client secret must not be exposed to the client. + +If you know what you are doing, load `@octokit/auth-oauth-app` and `@octokit/core` (or a compatible module) directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/core @octokit/auth-oauth-app`. Optionally replace `@octokit/core` with a compatible module + +```js +const { Octokit } = require("@octokit/core"); +const { + createOAuthAppAuth, + createOAuthUserAuth, +} = require("@octokit/auth-oauth-app"); +``` + + |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientId
+ |
+
+ string
+ |
+
+ Required. Find your OAuth app’s Client ID in your account’s developer settings.
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+
+ Required. Find your OAuth app’s Client Secret in your account’s developer settings.
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ Must be set to either "oauth-app" or "github-app". Defaults to "oauth-app"
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+createOAuthAppAuth({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef1234567890abcdef12345678",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be set to "oauth-app"
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be set to "oauth-user".
+ |
+
+ code
+ |
+
+ string
+ |
+
+ Required. The authorization code which was passed as query parameter to the callback URL from the OAuth web application flow.
+ |
+
+ redirectUrl
+ |
+
+ string
+ |
+ + The URL in your application where users are sent after authorization. See redirect urls. + | +
+ state
+ |
+
+ string
+ |
+ + The unguessable random string you provided in Step 1 of the OAuth web application flow. + | +
+ factory
+ |
+
+ function
+ |
+ + +When the `factory` option is, the `auth({type: "oauth-user", code, factory })` call with resolve with whatever the `factory` function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. + +For example, you can create a new `auth` instance for for a user using [`createOAuthUserAuth`](https://github.com/octokit/auth-oauth-user.js/#readme) which implements auto-refreshing tokens, among other features. You can import `createOAuthUserAuth` directly from `@octokit/auth-oauth-app` which will ensure compatibility. + +```js +const { + createOAuthAppAuth, + createOAuthUserAuth, +} = require("@octokit/auth-oauth-app"); + +const appAuth = createOAuthAppAuth({ + clientType: "github-app", + clientId: "lv1.1234567890abcdef", + clientSecret: "1234567890abcdef1234567890abcdef12345678", +}); + +const userAuth = await appAuth({ + type: "oauth-user", + code, + factory: createOAuthUserAuth, +}); + +// will create token upon first call, then cache authentication for successive calls, +// until token needs to be refreshed (if enabled for the GitHub App) +const authentication = await userAuth(); +``` + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be set to "oauth-user".
+ |
+
+ onVerification
+ |
+
+ function
+ |
+ + +**Required**. A function that is called once the device and user codes were retrieved. + +The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. + +```js +const auth = auth({ + type: "oauth-user", + onVerification(verification) { + console.log("Open %s", verification.verification_uri); + console.log("Enter code: %s", verification.user_code); + + await prompt("press enter when you are ready to continue"); + }, +}); +``` + + | +
+ scopes
+ |
+
+ array of strings
+ |
+
+ Only relevant if the clientType strategy option is set to "oauth-app".Array of OAuth scope names that the user access token should be granted. Defaults to no scopes ([]).
+ |
+
+ factory
+ |
+
+ function
+ |
+ + +When the `factory` option is, the `auth({type: "oauth-user", code, factory })` call with resolve with whatever the `factory` function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. + +For example, you can create a new `auth` instance for for a user using [`createOAuthUserAuth`](https://github.com/octokit/auth-oauth-user.js/#readme) which implements auto-refreshing tokens, among other features. You can import `createOAuthUserAuth` directly from `@octokit/auth-oauth-app` which will ensure compatibility. + +```js +const { + createOAuthAppAuth, + createOAuthUserAuth, +} = require("@octokit/auth-oauth-app"); + +const appAuth = createOAuthAppAuth({ + clientType: "github-app", + clientId: "lv1.1234567890abcdef", + clientSecret: "1234567890abcdef1234567890abcdef12345678", +}); + +const userAuth = await appAuth({ + type: "oauth-user", + onVerification, + factory: createOAuthUserAuth, +}); + +// will create token upon first call, then cache authentication for successive calls, +// until token needs to be refreshed (if enabled for the GitHub App) +const authentication = await userAuth(); +``` + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "oauth-app"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + The client ID as passed to the constructor. + | +
+ clientSecret
+ |
+
+ string
+ |
+ + The client secret as passed to the constructor. + | +
+ headers
+ |
+
+ object
+ |
+
+ { authorization }.
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "oauth-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The clientId from the strategy options
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+
+ The clientSecret from the strategy options
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + array of scope names enabled for the token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+ + One of the app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+ + One of the app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ refreshToken
+ |
+
+ string
+ |
+ + The refresh token + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
| + +Browsers + + | + +Load `@octokit/auth-oauth-device` directly from [cdn.pika.dev](https://cdn.pika.dev) + +```html + +``` + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/core @octokit/auth-oauth-device` + +```js +const { createOAuthDeviceAuth } = require("@octokit/auth-oauth-device"); +``` + + |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientId
+ |
+
+ string
+ |
+
+ Required. Find your OAuth app’s Client ID in your account’s developer settings.
+ |
+
+ onVerification
+ |
+
+ function
+ |
+ + Required. A function that is called once the device and user codes were retrieved + +The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. + +```js +const auth = createOAuthDeviceAuth({ + clientId: "1234567890abcdef1234", + onVerification(verification) { + console.log("Open %s", verification.verification_uri); + console.log("Enter code: %s", verification.user_code); + + await prompt("press enter when you are ready to continue"); + }, +}); +``` + + | +
+ clientType
+ |
+
+ string
+ |
+ + +Must be either `oauth-app` or `github-app`. Defaults to `oauth-app`. + + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+createOAuthDeviceAuth({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "secret",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+ scopes
+ |
+
+ array of strings
+ |
+ + +Only relavant if `clientType` is set to `"oauth-app"`. + +Array of scope names enabled for the token. Defaults to `[]`. See [available scopes](https://docs.github.com/en/developers/apps/scopes-for-oauth-apps#available-scopes). + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ Required. Must be set to "oauth"
+ |
+
+ scopes
+ |
+
+ array of strings
+ |
+ + +Only relevant if the `clientType` strategy options was set to `"oauth-app"` + +Array of scope names enabled for the token. Defaults to what was set in the [strategy options](#createoauthdeviceauthoptions). See available scopes + + | +
+ refresh
+ |
+
+ boolean
+ |
+ + +Defaults to `false`. When set to `false`, calling `auth(options)` will resolve with a token that was previously created for the same scopes if it exists. If set to `true` a new token will always be created. + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The personal access token + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + array of scope names enabled for the token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The personal access token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ refreshToken
+ |
+
+ string
+ |
+ + The refresh token + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
| + +Browsers + + | + +Load `@octokit/auth-oauth-user` directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/auth-oauth-user` + +```js +const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); +``` + + |
| + +Browsers + + | + +`@octokit/auth-oauth-user` cannot be used in the browser. It requires `clientSecret` to be set which must not be exposed to clients, and some of the OAuth APIs it uses do not support CORS. + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/core @octokit/auth-oauth-user`. Optionally replace `@octokit/core` with a compatible module + +```js +const { Octokit } = require("@octokit/core"); +const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); +``` + + |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientId
+ |
+
+ string
+ |
+ + Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. + | +
+ clientType
+ |
+
+ string
+ |
+
+ Either "oauth-app" or "github-app". Defaults to "oauth-app".
+ |
+
+ code
+ |
+
+ string
+ |
+ + +**Required.** The authorization code which was passed as query parameter to the callback URL from [GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#web-application-flow). + + | +
+ state
+ |
+
+ string
+ |
+ + +The unguessable random string you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity). + + | +
+ redirectUrl
+ |
+
+ string
+ |
+
+
+The redirect_uri parameter you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity).
+
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+createOAuthAppAuth({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef1234567890abcdef12345678",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientId
+ |
+
+ string
+ |
+ + Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. + | +
+ clientSecret
+ |
+
+ string
+ |
+
+ Required. Client Secret for your GitHub/OAuth App. The clientSecret is not needed for the OAuth device flow itself, but it is required for resetting, refreshing, and invalidating a token. Find the Client Secret on your app's settings page.
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ Either "oauth-app" or "github-app". Defaults to "oauth-app".
+ |
+
+ onVerification
+ |
+
+ function
+ |
+ + +**Required**. A function that is called once the device and user codes were retrieved + +The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. + +```js +const auth = createOAuthUserAuth({ + clientId: "1234567890abcdef1234", + clientSecret: "1234567890abcdef1234567890abcdef12345678", + onVerification(verification) { + console.log("Open %s", verification.verification_uri); + console.log("Enter code: %s", verification.user_code); + + await prompt("press enter when you are ready to continue"); + }, +}); +``` + + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+createOAuthAppAuth({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef1234567890abcdef12345678",
+ onVerification(verification) {
+ console.log("Open %s", verification.verification_uri);
+ console.log("Enter code: %s", verification.user_code);
+
+ await prompt("press enter when you are ready to continue");
+ },
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Either "oauth-app" or "github".
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. + | +
+ token
+ |
+
+ string
+ |
+ + Required. The user access token + | +
+ scopes
+ |
+
+ array of strings
+ |
+
+ Required if clientType is set to "oauth-app". Array of OAuth scope names the token was granted
+ |
+
+ refreshToken
+ |
+
+ string
+ |
+
+ Only relevant if clientType is set to "github-app" and token expiration is enabled.
+ |
+
+ expiresAt
+ |
+
+ string
+ |
+
+ Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+createOAuthAppAuth({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef1234567890abcdef12345678",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+ + +Without setting `type` auth will return the current authentication object, or exchange the `code` from the strategy options on first call. If the current authentication token is expired, the tokens will be refreshed. + +Possible values for `type` are + +- `"get"`: returns the token from internal state and creates it if none was created yet +- `"check"`: sends request to verify the validity of the current token +- `"reset"`: invalidates current token and replaces it with a new one +- `"refresh"`: GitHub Apps only, and only if expiring user tokens are enabled. +- `"delete"`: invalidates current token +- `"deleteAuthorization"`: revokes OAuth access for application. All tokens for the current user created by the same app are invalidated. The user will be prompted to grant access again during the next OAuth web flow. + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "oauth-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The clientId from the strategy options
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+
+ The clientSecret from the strategy options
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + array of scope names enabled for the token + | +
+ invalid
+ |
+
+ boolean
+ |
+ + +Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The clientId from the strategy options
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+
+ The clientSecret from the strategy options
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ invalid
+ |
+
+ boolean
+ |
+ + +Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid + + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ type
+ |
+
+ string
+ |
+
+ "token"
+ |
+
+ tokenType
+ |
+
+ string
+ |
+
+ "oauth"
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The clientId from the strategy options
+ |
+
+ clientSecret
+ |
+
+ string
+ |
+
+ The clientSecret from the strategy options
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ refreshToken
+ |
+
+ string
+ |
+ + The refresh token + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
+ invalid
+ |
+
+ boolean
+ |
+ + +Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid + + | +
| + Browsers + | ++ +Load `@octokit/oauth-authorization-url` directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| + Node + | +
+
+Install with npm install @octokit/oauth-authorization-url
+
+```js
+const { oauthAuthorizationUrl } = require("@octokit/oauth-authorization-url");
+// or: import { oauthAuthorizationUrl } from "@octokit/oauth-authorization-url";
+```
+
+ |
| + name + | ++ description + | +
|---|---|
+ clientId
+ |
+ + Required. The client ID you received from GitHub when you registered. + | +
+ clientType
+ |
+ + +Must be set to either `"oauth-app"` or `"github-app"`. Defaults to `"oauth-app"`. + + | +
+ redirectUrl
+ |
+ + The URL in your application where users will be sent after authorization. See Redirect URLs in GitHub’s Developer Guide. + | +
+ login
+ |
+ + Suggests a specific account to use for signing in and authorizing the app. + | +
+ scopes
+ |
+ + +Only relevant when `clientType` is set to `"oauth-app"`. + +An array of scope names (or: space-delimited list of scopes). If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with user scope and another token with repo scope, a third web flow that does not provide a scope will receive a token with user and repo scope. + +Defaults to `[]` if `clientType` is set to `"oauth-app"`. + + | +
+ state
+ |
+
+ An unguessable random string. It is used to protect against cross-site request forgery attacks.
+ Defaults to Math.random().toString(36).substr(2).
+ |
+
+ allowSignup
+ |
+
+ Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. Use false in the case that a policy prohibits signups. Defaults to true.
+ |
+
+ baseUrl
+ |
+
+ When using GitHub Enterprise Server, set the baseUrl to the origin, e.g. https://github.my-enterprise.com.
+ |
+
| + name + | ++ description + | +
|---|---|
+ allowSignup
+ |
+
+ Returns options.allowSignup if it was set. Defaults to true.
+ |
+
+ clientType
+ |
+
+ Returns options.clientType. Defaults to "oauth-app".
+ |
+
+ clientId
+ |
+
+ Returns options.clientId.
+ |
+
+ login
+ |
+
+ Returns options.login if it was set. Defaults to null.
+ |
+
+ redirectUrl
+ |
+
+ Returns options.redirectUrl if it was set. Defaults to null.
+ |
+
+ scopes
+ |
+
+
+Only set if `options.clientType` is set to `"oauth-app"`.
+
+Returns an array of strings. Returns options.scopes if it was set and turns the string into an array if a string was passed, otherwise [].
+
+ |
+
+ state
+ |
+
+ Returns options.state if it was set. Defaults to Defaults to Math.random().toString(36).substr(2).
+ |
+
+ url
+ |
+ + The authorization URL + | +
| + +Browsers + + | + +`@octokit/oauth-methods` is not meant for browser usage. + +Some of the methods will work, but others do not have CORS headers enabled and will fail (`exchangeWebFlowCode()`, `createDeviceCode()`, `exchangeDeviceCode()`, `refreshToken()`). Also the Client Secret should not be exposed to clients as it can be used for a [Person-in-the-middle attack](https://en.wikipedia.org/wiki/Person-in-the-middle_attack). + + |
|---|---|
| + +Node + + | + +Install with `npm install @octokit/core @octokit/oauth-methods` + +```js +const { + exchangeWebFlowCode, + createDeviceCode, + exchangeDeviceCode, + checkToken, + refreshToken, + scopeToken, + resetToken, + deleteToken, + deleteAuthorization, +} = require("@octokit/oauth-methods"); +``` + + |
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientId
+ |
+
+ string
+ |
+ + Required. The client ID you received from GitHub when you registered. + | +
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to either "oauth-app" or "github-app".
+ |
+
+ redirectUrl
+ |
+
+ string
+ |
+ + The URL in your application where users will be sent after authorization. See Redirect URLs in GitHub’s Developer Guide. + | +
+ login
+ |
+
+ string
+ |
+ + Suggests a specific account to use for signing in and authorizing the app. + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + +Only relevant if `clientType` is set to `"oauth-app"`. + +An array of scope names (or: space-delimited list of scopes). If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with user scope and another token with repo scope, a third web flow that does not provide a scope will receive a token with user and repo scope. + +Defaults to `[]`. + + | +
+ state
+ |
+
+ string
+ |
+
+ An unguessable random string. It is used to protect against cross-site request forgery attacks.
+ Defaults to Math.random().toString(36).substr(2).
+ |
+
+ allowSignup
+ |
+
+ boolean
+ |
+
+ Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. Use false in the case that a policy prohibits signups. Defaults to true.
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { url } = getWebFlowAuthorizationUrl({
+ clientType: "oauth-app",
+ clientId: "1234567890abcdef1234",
+ scopes: ["repo"],
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ allowSignup
+ |
+
+ boolean
+ |
+
+ Returns options.allowSignup if it was set. Defaults to true.
+ |
+
+ clientType
+ |
+
+ string
+ |
+
+ Returns options.clientType
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ Returns options.clientId.
+ |
+
+ login
+ |
+
+ string
+ |
+
+ Returns options.login if it was set. Defaults to null.
+ |
+
+ redirectUrl
+ |
+
+ string
+ |
+
+ Returns options.redirectUrl if it was set. Defaults to null.
+ |
+
+ scopes
+ |
+
+ array of strings
+ |
+
+
+Only set if `options.clientType` is set to `"oauth-app"`.
+
+Returns an array of strings. Returns options.scopes if it was set and turns the string into an array if a string was passed, otherwise [].
+
+ |
+
+ state
+ |
+
+ string
+ |
+
+ Returns options.state if it was set. Defaults to Math.random().toString(36).substr(2).
+ |
+
+ url
+ |
+
+ string
+ |
+ + The authorization URL + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to either "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ code
+ |
+
+ string
+ |
+
+ Required. The code from GitHub's OAuth flow redirect's ?code=... query parameter
+ |
+
+ redirectUrl
+ |
+
+ string
+ |
+
+ The redirectUrl option you passed to getWebFlowAuthorizationUrl()
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await exchangeWebFlowCode({
+ clientType: "oauth-app",
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef12347890abcdef12345678",
+ code: "code123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to either "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + +Only permitted if `clientType` is set to `"oauth-app"`. GitHub Apps do not support scopes. + +Array of [scope names](https://docs.github.com/en/developers/apps/scopes-for-oauth-apps#available-scopes) you want to request for the user access token. + + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data } = await createDeviceCode({
+ clientType: "oauth-app",
+ clientId: "1234567890abcdef1234",
+ scopes: ["repo"],
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to either "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ code
+ |
+
+ string
+ |
+
+ Required. The decive_code from the createDeviceCode() response
+ |
+
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await exchangeDeviceCode({
+ clientType: "oauth-app",
+ clientId: "1234567890abcdef1234",
+ code: "code123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to either "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + Required. The user access token to check + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await checkToken({
+ clientType: "oauth-app",
+ clientId: "1234567890abcdef1234",
+ clientSecret: "1234567890abcdef12347890abcdef12345678",
+ token: "usertoken123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Must be set to "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ refreshToken
+ |
+
+ string
+ |
+ + Required. The refresh token that was received alongside the user access token. + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await refreshToken({
+ clientType: "github-app",
+ clientId: "lv1.1234567890abcdef",
+ clientSecret: "1234567890abcdef12347890abcdef12345678",
+ refreshToken: "r1.refreshtoken123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Required. Must be set to "github-app".
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ target
+ |
+
+ string
+ |
+
+ Required unless targetId is set. The name of the user or organization to scope the user-to-server access token to.
+ |
+
+ targetId
+ |
+
+ integer
+ |
+
+ Required unless target is set. The ID of the user or organization to scope the user-to-server access token to.
+ |
+
+ repositories
+ |
+
+ array of strings
+ |
+
+ The list of repository names to scope the user-to-server access token to. repositories may not be specified if repository_ids is specified.
+ |
+
+ repository_ids
+ |
+
+ array of integers
+ |
+
+ The list of repository IDs to scope the user-to-server access token to. repositories may not be specified if repositories is specified.
+ |
+
+ permissions
+ |
+
+ object
+ |
+ + The permissions granted to the user-to-server access token. See GitHub App Permissions. + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await scopeToken({
+ clientType: "github-app",
+ clientId: "lv1.1234567890abcdef",
+ token: "usertoken123",
+ target: "octokit",
+ repositories: ["oauth-methods.js"],
+ permissions: {
+ issues: "write",
+ },
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Must be set to "oauth-app" or "github-app".
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + Required. The user access token to reset + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await resetToken({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "secret",
+ token: "usertoken123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Must be set to "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + Required. The user access token to delete + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await deleteToken({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "secret",
+ token: "usertoken123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ Must be set to "oauth-app" or "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+ + Required. Your app's client ID + | +
+ clientSecret
+ |
+
+ string
+ |
+ + Required. One of your app's client secrets + | +
+ token
+ |
+
+ string
+ |
+ + Required. A valid user access token for the authorization + | +
+ request
+ |
+
+ function
+ |
+
+ You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the REST API root endpoint. Example:
+
+```js
+const { request } = require("@octokit/request");
+const { data, authentication } = await deleteAuthorization({
+ clientId: "1234567890abcdef1234",
+ clientSecret: "secret",
+ token: "usertoken123",
+ request: request.defaults({
+ baseUrl: "https://ghe.my-company.com/api/v3",
+ }),
+});
+```
+
+ |
+
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ "oauth-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ scopes
+ |
+
+ array of strings
+ |
+ + array of scope names enabled for the token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
| + name + | ++ type + | ++ description + | +
|---|---|---|
+ clientType
+ |
+
+ string
+ |
+
+ "github-app"
+ |
+
+ clientId
+ |
+
+ string
+ |
+
+ The app's Client ID
+ |
+
+ token
+ |
+
+ string
+ |
+ + The user access token + | +
+ refreshToken
+ |
+
+ string
+ |
+ + The refresh token + | +
+ expiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
+ |
+
+ refreshTokenExpiresAt
+ |
+
+ string
+ |
+
+ Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
+ |
+
| +Browsers + | + +Load `@octokit/plugin-request-log` and [`@octokit/core`](https://github.com/octokit/core.js) (or core-compatible module) directly from [cdn.skypack.dev](https://cdn.skypack.dev) + +```html + +``` + + |
|---|---|
| +Node + | + +Install with `npm install @octokit/core @octokit/plugin-request-log`. Optionally replace `@octokit/core` with a core-compatible module + +```js +const { Octokit } = require("@octokit/core"); +const { requestLog } = require("@octokit/plugin-request-log"); +``` + + |
| +Browsers + |
+Load @octokit/rest directly from cdn.skypack.dev
+
+```html
+
+```
+
+ |
|---|---|
| +Node + |
+
+Install with npm install @octokit/rest
+
+```js
+const { Octokit } = require("@octokit/rest");
+// or: import { Octokit } from "@octokit/rest";
+```
+
+ |