| Browsers | Load `@octokit/auth-oauth-user` directly from [cdn.skypack.dev](https://cdn.skypack.dev) ```html ``` |
|---|---|
| Node | Install with `npm install @octokit/auth-oauth-user` ```js const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); ``` |
| Browsers | `@octokit/auth-oauth-user` cannot be used in the browser. It requires `clientSecret` to be set which must not be exposed to clients, and some of the OAuth APIs it uses do not support CORS. |
|---|---|
| Node | Install with `npm install @octokit/core @octokit/auth-oauth-user`. Optionally replace `@octokit/core` with a compatible module ```js const { Octokit } = require("@octokit/core"); const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); ``` |
| name | type | description |
|---|---|---|
clientId
|
string
|
Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. |
clientSecret
|
string
|
Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. |
clientType
|
string
|
Either "oauth-app" or "github-app". Defaults to "oauth-app".
|
code
|
string
|
**Required.** The authorization code which was passed as query parameter to the callback URL from [GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#web-application-flow). |
state
|
string
|
The unguessable random string you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity). |
redirectUrl
|
string
|
The redirect_uri parameter you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity).
|
request
|
function
|
You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
```js
const { request } = require("@octokit/request");
createOAuthAppAuth({
clientId: "1234567890abcdef1234",
clientSecret: "1234567890abcdef1234567890abcdef12345678",
request: request.defaults({
baseUrl: "https://ghe.my-company.com/api/v3",
}),
});
```
|
| name | type | description |
|---|---|---|
clientId
|
string
|
Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. |
clientSecret
|
string
|
Required. Client Secret for your GitHub/OAuth App. The clientSecret is not needed for the OAuth device flow itself, but it is required for resetting, refreshing, and invalidating a token. Find the Client Secret on your app's settings page.
|
clientType
|
string
|
Either "oauth-app" or "github-app". Defaults to "oauth-app".
|
onVerification
|
function
|
**Required**. A function that is called once the device and user codes were retrieved The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. ```js const auth = createOAuthUserAuth({ clientId: "1234567890abcdef1234", clientSecret: "1234567890abcdef1234567890abcdef12345678", onVerification(verification) { console.log("Open %s", verification.verification_uri); console.log("Enter code: %s", verification.user_code); await prompt("press enter when you are ready to continue"); }, }); ``` |
request
|
function
|
You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
```js
const { request } = require("@octokit/request");
createOAuthAppAuth({
clientId: "1234567890abcdef1234",
clientSecret: "1234567890abcdef1234567890abcdef12345678",
onVerification(verification) {
console.log("Open %s", verification.verification_uri);
console.log("Enter code: %s", verification.user_code);
await prompt("press enter when you are ready to continue");
},
request: request.defaults({
baseUrl: "https://ghe.my-company.com/api/v3",
}),
});
```
|
| name | type | description |
|---|---|---|
clientType
|
string
|
Required. Either "oauth-app" or "github".
|
clientId
|
string
|
Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. |
clientSecret
|
string
|
Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. |
token
|
string
|
Required. The user access token |
scopes
|
array of strings
|
Required if clientType is set to "oauth-app". Array of OAuth scope names the token was granted
|
refreshToken
|
string
|
Only relevant if clientType is set to "github-app" and token expiration is enabled.
|
expiresAt
|
string
|
Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
|
refreshTokenExpiresAt
|
string
|
Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
|
request
|
function
|
You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
```js
const { request } = require("@octokit/request");
createOAuthAppAuth({
clientId: "1234567890abcdef1234",
clientSecret: "1234567890abcdef1234567890abcdef12345678",
request: request.defaults({
baseUrl: "https://ghe.my-company.com/api/v3",
}),
});
```
|
| name | type | description |
|---|---|---|
type
|
string
|
Without setting `type` auth will return the current authentication object, or exchange the `code` from the strategy options on first call. If the current authentication token is expired, the tokens will be refreshed. Possible values for `type` are - `"get"`: returns the token from internal state and creates it if none was created yet - `"check"`: sends request to verify the validity of the current token - `"reset"`: invalidates current token and replaces it with a new one - `"refresh"`: GitHub Apps only, and only if expiring user tokens are enabled. - `"delete"`: invalidates current token - `"deleteAuthorization"`: revokes OAuth access for application. All tokens for the current user created by the same app are invalidated. The user will be prompted to grant access again during the next OAuth web flow. |
| name | type | description |
|---|---|---|
type
|
string
|
"token"
|
tokenType
|
string
|
"oauth"
|
clientType
|
string
|
"oauth-app"
|
clientId
|
string
|
The clientId from the strategy options
|
clientSecret
|
string
|
The clientSecret from the strategy options
|
token
|
string
|
The user access token |
scopes
|
array of strings
|
array of scope names enabled for the token |
onTokenCreated
|
function
|
callback invoked when a token is "reset" or "refreshed" |
invalid
|
boolean
|
Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid |
| name | type | description |
|---|---|---|
type
|
string
|
"token"
|
tokenType
|
string
|
"oauth"
|
clientType
|
string
|
"github-app"
|
clientId
|
string
|
The clientId from the strategy options
|
clientSecret
|
string
|
The clientSecret from the strategy options
|
token
|
string
|
The user access token |
onTokenCreated
|
function
|
callback invoked when a token is "reset" or "refreshed" |
invalid
|
boolean
|
Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid |
| name | type | description |
|---|---|---|
type
|
string
|
"token"
|
tokenType
|
string
|
"oauth"
|
clientType
|
string
|
"github-app"
|
clientId
|
string
|
The clientId from the strategy options
|
clientSecret
|
string
|
The clientSecret from the strategy options
|
token
|
string
|
The user access token |
refreshToken
|
string
|
The refresh token |
expiresAt
|
string
|
Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
|
refreshTokenExpiresAt
|
string
|
Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
|
invalid
|
boolean
|
Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid |