| - -Browsers - - | - -`@octokit/app` is not meant for browser usage. - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/app` - -```js -const { App, createNodeMiddleware } = require("@octokit/app"); -``` - - |
| - name - | -- type - | -- description - | -
|---|---|---|
- appId
- |
-
- number
- |
- - Required. Find the App ID on the app’s about page in settings. - | -
- privateKey
- |
-
- string
- |
-
- Required. Content of the *.pem file you downloaded from the app’s about page. You can generate a new private key if needed.
- |
-
- Octokit
- |
-
- Constructor
- |
- - -You can pass in your own Octokit constructor with custom defaults and plugins. Note that `authStrategy` will be always be set to `createAppAuth` from [`@octokit/auth-app`](https://github.com/octokit/auth-app.js). - -For usage with enterprise, set `baseUrl` to the hostname + `/api/v3`. Example: - -```js -const { Octokit } = require("@octokit/core"); -new App({ - appId: 123, - privateKey: "-----BEGIN PRIVATE KEY-----\n...", - oauth: { - clientId: 123, - clientSecret: "secret", - }, - webhooks: { - secret: "secret", - }, - Octokit: Octokit.defaults({ - baseUrl: "https://ghe.my-company.com/api/v3", - }), -}); -``` - -Defaults to [`@octokit/core`](https://github.com/octokit/core.js). - - |
- log
- |
-
- object
- |
-
- Used for internal logging. Defaults to console.
- |
-
- webhooks.secret
- |
-
- string
- |
- - Required. Secret as configured in the GitHub App's settings. - | -
- webhooks.transform
- |
-
- function
- |
- - Only relevant for `app.webhooks.on`. Transform emitted event before calling handlers. Can be asynchronous. - | -
- oauth.clientId
- |
-
- number
- |
- - Find the OAuth Client ID on the app’s about page in settings. - | -
- oauth.clientSecret
- |
-
- number
- |
- - Find the OAuth Client Secret on the app’s about page in settings. - | -
- oauth.allowSignup
- |
-
- boolean
- |
-
- Sets the default value for app.oauth.getAuthorizationUrl(options).
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- app
- |
-
- App instance
- |
- - Required. - | -
- options.pathPrefix
- |
-
- string
- |
- - -All exposed paths will be prefixed with the provided prefix. Defaults to `"/api/github"` - - | -
- log
-
- object
-
- |
- - -Used for internal logging. Defaults to [`console`](https://developer.mozilla.org/en-US/docs/Web/API/console) with `debug` and `info` doing nothing. - - | -|
- options.onUnhandledRequest
- |
-
- function
- |
- - -Defaults to - -```js -function onUnhandledRequest(request, response) { - response.writeHead(400, { - "content-type": "application/json", - }); - response.end( - JSON.stringify({ - error: error.message, - }) - ); -} -``` - - |
| -Browsers - | - -⚠️ `@octokit/auth-app` is not meant for usage in the browser. A private key and client secret must not be exposed to users. - -The private keys provided by GitHub are in `PKCS#1` format, but the WebCrypto API only supports `PKCS#8`. You need to convert it first: - -```shell -openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.key -``` - -The OAuth APIs to create user-to-server tokens cannot be used because they do not have CORS enabled. - -If you know what you are doing, load `@octokit/auth-app` directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| -Node - |
-
-Install with npm install @octokit/auth-app
-
-```js
-const { createAppAuth } = require("@octokit/auth-app");
-// or: import { createAppAuth } from "@octokit/auth-app";
-```
-
- |
| - -Browsers - - | - -⚠️ `@octokit/auth-app` is not meant for usage in the browser. A private key and client secret must not be exposed to users. - -The private keys provided by GitHub are in `PKCS#1` format, but the WebCrypto API only supports `PKCS#8`. You need to convert it first: - -```shell -openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private-key-pkcs8.key -``` - -The OAuth APIs to create user-to-server tokens cannot be used because they do not have CORS enabled. - -If you know what you are doing, load `@octokit/auth-app` and `@octokit/core` (or a compatible module) directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/core @octokit/auth-app`. Optionally replace `@octokit/core` with a compatible module - -```js -const { Octokit } = require("@octokit/core"); -const { createAppAuth, createOAuthUserAuth } = require("@octokit/auth-app"); -``` - - |
| - name - | -- type - | -- description - | -
|---|---|---|
- appId
- |
-
- number
- |
- - Required. Find App ID on the app’s about page in settings. - | -
- privateKey
- |
-
- string
- |
-
- Required. Content of the *.pem file you downloaded from the app’s about page. You can generate a new private key if needed.
- |
-
- installationId
- |
-
- number
- |
-
- Default installationId to be used when calling auth({ type: "installation" }).
- |
-
- clientId
- |
-
- string
- |
- - The client ID of the GitHub App. - | -
- clientSecret
- |
-
- string
- |
- - A client secret for the GitHub App. - | -
- request
- |
-
- function
- |
- - -Automatically set to `octokit.request` when using with an `Octokit` constructor. - -For standalone usage, you can pass in your own [`@octokit/request`](https://github.com/octokit/request.js) instance. For usage with enterprise, set `baseUrl` to the hostname + `/api/v3`. Example: - -```js -const { request } = require("@octokit/request"); -createAppAuth({ - appId: 1, - privateKey: "-----BEGIN PRIVATE KEY-----\n...", - request: request.defaults({ - baseUrl: "https://ghe.my-company.com/api/v3", - }), -}); -``` - - |
- cache
- |
-
- object
- |
-
- Installation tokens expire after an hour. By default, @octokit/auth-app is caching up to 15000 tokens simultaneously using lru-cache. You can pass your own cache implementation by passing options.cache.{get,set} to the constructor. Example:
-
-```js
-const CACHE = {};
-createAppAuth({
- appId: 1,
- privateKey: "-----BEGIN PRIVATE KEY-----\n...",
- cache: {
- async get(key) {
- return CACHE[key];
- },
- async set(key, value) {
- CACHE[key] = value;
- },
- },
-});
-```
-
- |
- log
- |
-
- object
- |
-
- You can pass in your preferred logging tool by passing option.log to the constructor. If you would like to make the log level configurable using an environment variable or external option, we recommend the console-log-level package. For example:
-
-```js
-createAppAuth({
- appId: 1,
- privateKey: "-----BEGIN PRIVATE KEY-----\n...",
- log: require("console-log-level")({ level: "info" }),
-});
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be either "app".
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be either "oauth-app".
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be "installation".
- |
-
- installationId
- |
-
- number
- |
-
- Required unless a default installationId was passed to createAppAuth(). ID of installation to retrieve authentication for.
- |
-
- repositoryIds
- |
-
- array of numbers
- |
-
- The id of the repositories that the installation token can access. Also known as a databaseID when querying the repository object in GitHub's GraphQL API. This option is **(recommended)** over repositoryNames when needing to limit the scope of the access token, due to repositoryNames having the possibility of changing. Additionally, you should only include either repositoryIds or repositoryNames, but not both.
- |
-
- repositoryNames
- |
-
- array of strings
- |
-
- The name of the repositories that the installation token can access. As mentioned in the repositoryIds description, you should only include either repositoryIds or repositoryNames, but not both.
- |
-
- permissions
- |
-
- object
- |
- - The permissions granted to the access token. The permissions object includes the permission names and their access type. For a complete list of permissions and allowable values, see GitHub App permissions. - | -
- factory
- |
-
- function
- |
- - -The `auth({type: "installation", installationId, factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. - -For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: - -```js -const appAuth = createAppAuth({ - appId: 1, - privateKey: "-----BEGIN PRIVATE KEY-----\n...", -}); - -const installationAuth123 = await appAuth({ - type: "installation", - installationId: 123, - factory: createAppAuth, -}); -``` - - | -
- refresh
- |
-
- boolean
- |
- - -Installation tokens expire after one hour. By default, tokens are cached and returned from cache until expired. To bypass and update a cached token for the given `installationId`, set `refresh` to `true`. - -Defaults to `false`. - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be "oauth-user".
- |
-
- factory
- |
-
- function
- |
- - -The `auth({type: "oauth-user", factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. - -For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: - -```js -const { - createAppAuth, - createOAuthUserAuth, -} = require("@octokit/auth-oauth-app"); - -const appAuth = createAppAuth({ - appId: 1, - privateKey: "-----BEGIN PRIVATE KEY-----\n...", - clientId: "lv1.1234567890abcdef", - clientSecret: "1234567890abcdef1234567890abcdef12345678", -}); - -const userAuth = await appAuth({ - type: "oauth-user", - code, - factory: createOAuthUserAuth, -}); - -// will create token upon first call, then cache authentication for successive calls, -// until token needs to be refreshed (if enabled for the GitHub App) -const authentication = await userAuth(); -``` - - | -
- code
- |
-
- string
- |
-
- The authorization code which was passed as query parameter to the callback URL from the OAuth web application flow.
- |
-
- redirectUrl
- |
-
- string
- |
- - The URL in your application where users are sent after authorization. See redirect urls. - | -
- state
- |
-
- string
- |
- - The unguessable random string you provided in Step 1 of the OAuth web application flow. - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be "oauth-user".
- |
-
- onVerification
- |
-
- function
- |
- - -**Required**. A function that is called once the device and user codes were retrieved. - -The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. - -```js -const auth = auth({ - type: "oauth-user", - onVerification(verification) { - console.log("Open %s", verification.verification_uri); - console.log("Enter code: %s", verification.user_code); - await prompt("press enter when you are ready to continue"); - }, -}); -``` - - | -
- factory
- |
-
- function
- |
- - -The `auth({type: "oauth-user", factory })` call with resolve with whatever the factory function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. - -For example, you can create a new `auth` instance for an installation which shares the internal state (especially the access token cache) with the calling `auth` instance: - -```js -const { - createAppAuth, - createOAuthUserAuth, -} = require("@octokit/auth-oauth-app"); - -const appAuth = createAppAuth({ - appId: 1, - privateKey: "-----BEGIN PRIVATE KEY-----\n...", - clientId: "lv1.1234567890abcdef", - clientSecret: "1234567890abcdef1234567890abcdef12345678", -}); - -const userAuth = await appAuth({ - type: "oauth-user", - code, - factory: createOAuthUserAuth, -}); - -// will create token upon first call, then cache authentication for successive calls, -// until token needs to be refreshed (if enabled for the GitHub App) -const authentication = await userAuth(); -``` - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "app"
- |
-
- token
- |
-
- string
- |
- - The JSON Web Token (JWT) to authenticate as the app. - | -
- appId
- |
-
- number
- |
- - GitHub App database ID. - | -
- expiresAt
- |
-
- string
- |
-
- Timestamp in UTC format, e.g. "2018-07-07T00:09:30.000Z". A Date object can be created using new Date(authentication.expiresAt).
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "oauth-app"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
- - The client ID as passed to the constructor. - | -
- clientSecret
- |
-
- string
- |
- - The client secret as passed to the constructor. - | -
- headers
- |
-
- object
- |
-
- { authorization }.
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- token
- |
-
- string
- |
- - The installation access token. - | -
- tokenType
- |
-
- string
- |
-
- "installation"
- |
-
- installationId
- |
-
- number
- |
- - Installation database ID. - | -
- createdAt
- |
-
- string
- |
-
- Timestamp in UTC format, e.g. "2018-07-07T00:00:00.000Z". A Date object can be created using new Date(authentication.expiresAt).
- |
-
- expiresAt
- |
-
- string
- |
-
- Timestamp in UTC format, e.g. "2018-07-07T00:59:00.000Z". A Date object can be created using new Date(authentication.expiresAt).
- |
-
- repositoryIds
- |
-
- array of numbers
- |
-
- Only present if repositoryIds option passed to auth(options).
- |
-
- repositoryNames
- |
-
- array of strings
- |
-
- Only present if repositoryNames option passed to auth(options).
- |
-
- permissions
- |
-
- object
- |
-
- An object where keys are the permission name and the value is either "read" or "write". See the list of all GitHub App Permissions.
- |
-
- singleFileName
- |
-
- string
- |
-
- If the single file permission is enabled, the singleFileName property is set to the path of the accessible file.
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- clientSecret
- |
-
- string
- |
- - One of the app's client secrets - | -
- token
- |
-
- string
- |
- - The user access token - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- clientSecret
- |
-
- string
- |
- - One of the app's client secrets - | -
- token
- |
-
- string
- |
- - The user access token - | -
- refreshToken
- |
-
- string
- |
- - The refresh token - | -
- expiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
- |
-
- refreshTokenExpiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
- |
-
| -Browsers - | - -⚠️ `@octokit/auth-oauth-app` is not meant for usage in the browser. The OAuth APIs to create tokens do not have CORS enabled, and a client secret must not be exposed to the client. - -If you know what you are doing, load `@octokit/auth-oauth-app` directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| -Node - |
-
-Install with npm install @octokit/auth-oauth-app
-
-```js
-const { createOAuthAppAuth } = require("@octokit/auth-oauth-app");
-// or: import { createOAuthAppAuth } from "@octokit/auth-oauth-app";
-```
-
- |
| - -Browsers - - | - -⚠️ `@octokit/auth-oauth-app` is not meant for usage in the browser. The OAuth APIs to create tokens do not have CORS enabled, and a client secret must not be exposed to the client. - -If you know what you are doing, load `@octokit/auth-oauth-app` and `@octokit/core` (or a compatible module) directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/core @octokit/auth-oauth-app`. Optionally replace `@octokit/core` with a compatible module - -```js -const { Octokit } = require("@octokit/core"); -const { - createOAuthAppAuth, - createOAuthUserAuth, -} = require("@octokit/auth-oauth-app"); -``` - - |
| - name - | -- type - | -- description - | -
|---|---|---|
- clientId
- |
-
- string
- |
-
- Required. Find your OAuth app’s Client ID in your account’s developer settings.
- |
-
- clientSecret
- |
-
- string
- |
-
- Required. Find your OAuth app’s Client Secret in your account’s developer settings.
- |
-
- clientType
- |
-
- string
- |
-
- Must be set to either "oauth-app" or "github-app". Defaults to "oauth-app"
- |
-
- request
- |
-
- function
- |
-
- You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
-
-```js
-const { request } = require("@octokit/request");
-createOAuthAppAuth({
- clientId: "1234567890abcdef1234",
- clientSecret: "1234567890abcdef1234567890abcdef12345678",
- request: request.defaults({
- baseUrl: "https://ghe.my-company.com/api/v3",
- }),
-});
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be set to "oauth-app"
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be set to "oauth-user".
- |
-
- code
- |
-
- string
- |
-
- Required. The authorization code which was passed as query parameter to the callback URL from the OAuth web application flow.
- |
-
- redirectUrl
- |
-
- string
- |
- - The URL in your application where users are sent after authorization. See redirect urls. - | -
- state
- |
-
- string
- |
- - The unguessable random string you provided in Step 1 of the OAuth web application flow. - | -
- factory
- |
-
- function
- |
- - -When the `factory` option is, the `auth({type: "oauth-user", code, factory })` call with resolve with whatever the `factory` function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. - -For example, you can create a new `auth` instance for for a user using [`createOAuthUserAuth`](https://github.com/octokit/auth-oauth-user.js/#readme) which implements auto-refreshing tokens, among other features. You can import `createOAuthUserAuth` directly from `@octokit/auth-oauth-app` which will ensure compatibility. - -```js -const { - createOAuthAppAuth, - createOAuthUserAuth, -} = require("@octokit/auth-oauth-app"); - -const appAuth = createOAuthAppAuth({ - clientType: "github-app", - clientId: "lv1.1234567890abcdef", - clientSecret: "1234567890abcdef1234567890abcdef12345678", -}); - -const userAuth = await appAuth({ - type: "oauth-user", - code, - factory: createOAuthUserAuth, -}); - -// will create token upon first call, then cache authentication for successive calls, -// until token needs to be refreshed (if enabled for the GitHub App) -const authentication = await userAuth(); -``` - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be set to "oauth-user".
- |
-
- onVerification
- |
-
- function
- |
- - -**Required**. A function that is called once the device and user codes were retrieved. - -The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. - -```js -const auth = auth({ - type: "oauth-user", - onVerification(verification) { - console.log("Open %s", verification.verification_uri); - console.log("Enter code: %s", verification.user_code); - - await prompt("press enter when you are ready to continue"); - }, -}); -``` - - | -
- scopes
- |
-
- array of strings
- |
-
- Only relevant if the clientType strategy option is set to "oauth-app".Array of OAuth scope names that the user access token should be granted. Defaults to no scopes ([]).
- |
-
- factory
- |
-
- function
- |
- - -When the `factory` option is, the `auth({type: "oauth-user", code, factory })` call with resolve with whatever the `factory` function returns. The `factory` function will be called with all the strategy option that `auth` was created with, plus the additional options passed to `auth`, besides `type` and `factory`. - -For example, you can create a new `auth` instance for for a user using [`createOAuthUserAuth`](https://github.com/octokit/auth-oauth-user.js/#readme) which implements auto-refreshing tokens, among other features. You can import `createOAuthUserAuth` directly from `@octokit/auth-oauth-app` which will ensure compatibility. - -```js -const { - createOAuthAppAuth, - createOAuthUserAuth, -} = require("@octokit/auth-oauth-app"); - -const appAuth = createOAuthAppAuth({ - clientType: "github-app", - clientId: "lv1.1234567890abcdef", - clientSecret: "1234567890abcdef1234567890abcdef12345678", -}); - -const userAuth = await appAuth({ - type: "oauth-user", - onVerification, - factory: createOAuthUserAuth, -}); - -// will create token upon first call, then cache authentication for successive calls, -// until token needs to be refreshed (if enabled for the GitHub App) -const authentication = await userAuth(); -``` - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "oauth-app"
- |
-
- clientType
- |
-
- string
- |
-
- "oauth-app" or "github-app"
- |
-
- clientId
- |
-
- string
- |
- - The client ID as passed to the constructor. - | -
- clientSecret
- |
-
- string
- |
- - The client secret as passed to the constructor. - | -
- headers
- |
-
- object
- |
-
- { authorization }.
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "oauth-app"
- |
-
- clientId
- |
-
- string
- |
-
- The clientId from the strategy options
- |
-
- clientSecret
- |
-
- string
- |
-
- The clientSecret from the strategy options
- |
-
- token
- |
-
- string
- |
- - The user access token - | -
- scopes
- |
-
- array of strings
- |
- - array of scope names enabled for the token - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- clientSecret
- |
-
- string
- |
- - One of the app's client secrets - | -
- token
- |
-
- string
- |
- - The user access token - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- clientSecret
- |
-
- string
- |
- - One of the app's client secrets - | -
- token
- |
-
- string
- |
- - The user access token - | -
- refreshToken
- |
-
- string
- |
- - The refresh token - | -
- expiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
- |
-
- refreshTokenExpiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
- |
-
| - -Browsers - - | - -Load `@octokit/auth-oauth-device` directly from [cdn.pika.dev](https://cdn.pika.dev) - -```html - -``` - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/core @octokit/auth-oauth-device` - -```js -const { createOAuthDeviceAuth } = require("@octokit/auth-oauth-device"); -``` - - |
| - name - | -- type - | -- description - | -
|---|---|---|
- clientId
- |
-
- string
- |
-
- Required. Find your OAuth app’s Client ID in your account’s developer settings.
- |
-
- onVerification
- |
-
- function
- |
- - Required. A function that is called once the device and user codes were retrieved - -The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. - -```js -const auth = createOAuthDeviceAuth({ - clientId: "1234567890abcdef1234", - onVerification(verification) { - console.log("Open %s", verification.verification_uri); - console.log("Enter code: %s", verification.user_code); - - await prompt("press enter when you are ready to continue"); - }, -}); -``` - - | -
- clientType
- |
-
- string
- |
- - -Must be either `oauth-app` or `github-app`. Defaults to `oauth-app`. - - | -
- request
- |
-
- function
- |
-
- You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
-
-```js
-const { request } = require("@octokit/request");
-createOAuthDeviceAuth({
- clientId: "1234567890abcdef1234",
- clientSecret: "secret",
- request: request.defaults({
- baseUrl: "https://ghe.my-company.com/api/v3",
- }),
-});
-```
-
- |
- scopes
- |
-
- array of strings
- |
- - -Only relavant if `clientType` is set to `"oauth-app"`. - -Array of scope names enabled for the token. Defaults to `[]`. See [available scopes](https://docs.github.com/en/developers/apps/scopes-for-oauth-apps#available-scopes). - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- Required. Must be set to "oauth"
- |
-
- scopes
- |
-
- array of strings
- |
- - -Only relevant if the `clientType` strategy options was set to `"oauth-app"` - -Array of scope names enabled for the token. Defaults to what was set in the [strategy options](#createoauthdeviceauthoptions). See available scopes - - | -
- refresh
- |
-
- boolean
- |
- - -Defaults to `false`. When set to `false`, calling `auth(options)` will resolve with a token that was previously created for the same scopes if it exists. If set to `true` a new token will always be created. - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- token
- |
-
- string
- |
- - The personal access token - | -
- scopes
- |
-
- array of strings
- |
- - array of scope names enabled for the token - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- token
- |
-
- string
- |
- - The personal access token - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The app's Client ID
- |
-
- token
- |
-
- string
- |
- - The user access token - | -
- refreshToken
- |
-
- string
- |
- - The refresh token - | -
- expiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
- |
-
- refreshTokenExpiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
- |
-
| - -Browsers - - | - -Load `@octokit/auth-oauth-user` directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/auth-oauth-user` - -```js -const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); -``` - - |
| - -Browsers - - | - -`@octokit/auth-oauth-user` cannot be used in the browser. It requires `clientSecret` to be set which must not be exposed to clients, and some of the OAuth APIs it uses do not support CORS. - - |
|---|---|
| - -Node - - | - -Install with `npm install @octokit/core @octokit/auth-oauth-user`. Optionally replace `@octokit/core` with a compatible module - -```js -const { Octokit } = require("@octokit/core"); -const { createOAuthUserAuth } = require("@octokit/auth-oauth-user"); -``` - - |
| - name - | -- type - | -- description - | -
|---|---|---|
- clientId
- |
-
- string
- |
- - Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. - | -
- clientSecret
- |
-
- string
- |
- - Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. - | -
- clientType
- |
-
- string
- |
-
- Either "oauth-app" or "github-app". Defaults to "oauth-app".
- |
-
- code
- |
-
- string
- |
- - -**Required.** The authorization code which was passed as query parameter to the callback URL from [GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#web-application-flow). - - | -
- state
- |
-
- string
- |
- - -The unguessable random string you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity). - - | -
- redirectUrl
- |
-
- string
- |
-
-
-The redirect_uri parameter you provided in [Step 1 of GitHub's OAuth web application flow](https://docs.github.com/en/developers/apps/authorizing-oauth-apps#1-request-a-users-github-identity).
-
- |
-
- request
- |
-
- function
- |
-
- You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
-
-```js
-const { request } = require("@octokit/request");
-createOAuthAppAuth({
- clientId: "1234567890abcdef1234",
- clientSecret: "1234567890abcdef1234567890abcdef12345678",
- request: request.defaults({
- baseUrl: "https://ghe.my-company.com/api/v3",
- }),
-});
-```
-
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- clientId
- |
-
- string
- |
- - Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. - | -
- clientSecret
- |
-
- string
- |
-
- Required. Client Secret for your GitHub/OAuth App. The clientSecret is not needed for the OAuth device flow itself, but it is required for resetting, refreshing, and invalidating a token. Find the Client Secret on your app's settings page.
- |
-
- clientType
- |
-
- string
- |
-
- Either "oauth-app" or "github-app". Defaults to "oauth-app".
- |
-
- onVerification
- |
-
- function
- |
- - -**Required**. A function that is called once the device and user codes were retrieved - -The `onVerification()` callback can be used to pause until the user completes step 2, which might result in a better user experience. - -```js -const auth = createOAuthUserAuth({ - clientId: "1234567890abcdef1234", - clientSecret: "1234567890abcdef1234567890abcdef12345678", - onVerification(verification) { - console.log("Open %s", verification.verification_uri); - console.log("Enter code: %s", verification.user_code); - - await prompt("press enter when you are ready to continue"); - }, -}); -``` - - | -
- request
- |
-
- function
- |
-
- You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
-
-```js
-const { request } = require("@octokit/request");
-createOAuthAppAuth({
- clientId: "1234567890abcdef1234",
- clientSecret: "1234567890abcdef1234567890abcdef12345678",
- onVerification(verification) {
- console.log("Open %s", verification.verification_uri);
- console.log("Enter code: %s", verification.user_code);
-
- await prompt("press enter when you are ready to continue");
- },
- request: request.defaults({
- baseUrl: "https://ghe.my-company.com/api/v3",
- }),
-});
-```
-
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- clientType
- |
-
- string
- |
-
- Required. Either "oauth-app" or "github".
- |
-
- clientId
- |
-
- string
- |
- - Required. Client ID of your GitHub/OAuth App. Find it on your app's settings page. - | -
- clientSecret
- |
-
- string
- |
- - Required. Client Secret for your GitHub/OAuth App. Create one on your app's settings page. - | -
- token
- |
-
- string
- |
- - Required. The user access token - | -
- scopes
- |
-
- array of strings
- |
-
- Required if clientType is set to "oauth-app". Array of OAuth scope names the token was granted
- |
-
- refreshToken
- |
-
- string
- |
-
- Only relevant if clientType is set to "github-app" and token expiration is enabled.
- |
-
- expiresAt
- |
-
- string
- |
-
- Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
- |
-
- refreshTokenExpiresAt
- |
-
- string
- |
-
- Only relevant if clientType is set to "github-app" and token expiration is enabled. Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
- |
-
- request
- |
-
- function
- |
-
- You can pass in your own @octokit/request instance. For usage with enterprise, set baseUrl to the API root endpoint. Example:
-
-```js
-const { request } = require("@octokit/request");
-createOAuthAppAuth({
- clientId: "1234567890abcdef1234",
- clientSecret: "1234567890abcdef1234567890abcdef12345678",
- request: request.defaults({
- baseUrl: "https://ghe.my-company.com/api/v3",
- }),
-});
-```
-
- |
-
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
- - -Without setting `type` auth will return the current authentication object, or exchange the `code` from the strategy options on first call. If the current authentication token is expired, the tokens will be refreshed. - -Possible values for `type` are - -- `"get"`: returns the token from internal state and creates it if none was created yet -- `"check"`: sends request to verify the validity of the current token -- `"reset"`: invalidates current token and replaces it with a new one -- `"refresh"`: GitHub Apps only, and only if expiring user tokens are enabled. -- `"delete"`: invalidates current token -- `"deleteAuthorization"`: revokes OAuth access for application. All tokens for the current user created by the same app are invalidated. The user will be prompted to grant access again during the next OAuth web flow. - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "oauth-app"
- |
-
- clientId
- |
-
- string
- |
-
- The clientId from the strategy options
- |
-
- clientSecret
- |
-
- string
- |
-
- The clientSecret from the strategy options
- |
-
- token
- |
-
- string
- |
- - The user access token - | -
- scopes
- |
-
- array of strings
- |
- - array of scope names enabled for the token - | -
- invalid
- |
-
- boolean
- |
- - -Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The clientId from the strategy options
- |
-
- clientSecret
- |
-
- string
- |
-
- The clientSecret from the strategy options
- |
-
- token
- |
-
- string
- |
- - The user access token - | -
- invalid
- |
-
- boolean
- |
- - -Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid - - | -
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- tokenType
- |
-
- string
- |
-
- "oauth"
- |
-
- clientType
- |
-
- string
- |
-
- "github-app"
- |
-
- clientId
- |
-
- string
- |
-
- The clientId from the strategy options
- |
-
- clientSecret
- |
-
- string
- |
-
- The clientSecret from the strategy options
- |
-
- token
- |
-
- string
- |
- - The user access token - | -
- refreshToken
- |
-
- string
- |
- - The refresh token - | -
- expiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2022-01-01T08:00:0.000Z
- |
-
- refreshTokenExpiresAt
- |
-
- string
- |
-
- Date timestamp in ISO 8601 standard. Example: 2021-07-01T00:00:0.000Z
- |
-
- invalid
- |
-
- boolean
- |
- - -Either `undefined` or `true`. Will be set to `true` if the token was invalided explicitly or found to be invalid - - | -
| -Browsers - | - -Load `@octokit/auth-token` directly from [cdn.skypack.dev](https://cdn.skypack.dev) - -```html - -``` - - |
|---|---|
| -Node - |
-
-Install with npm install @octokit/auth-token
-
-```js
-const { createTokenAuth } = require("@octokit/auth-token");
-// or: import { createTokenAuth } from "@octokit/auth-token";
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "token"
- |
-
- token
- |
-
- string
- |
- - The provided token. - | -
- tokenType
- |
-
- string
- |
-
- Can be either "oauth" for personal access tokens and OAuth tokens, "installation" for installation access tokens (includes GITHUB_TOKEN provided to GitHub Actions), "app" for a GitHub App JSON Web Token, or "user-to-server" for a user authentication token through an app installation.
- |
-
| -Browsers - | - -Load `@octokit/auth-unauthenticated` directly from [cdn.pika.dev](https://cdn.pika.dev) - -```html - -``` - - |
|---|---|
| -Node - |
-
-Install with npm install @octokit/auth-unauthenticated
-
-```js
-const { createUnauthenticatedAuth } = require("@octokit/auth-unauthenticated");
-// or: import { createUnauthenticatedAuth } from "@octokit/auth-unauthenticated";
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- type
- |
-
- string
- |
-
- "unauthenticated"
- |
-
| -Browsers - |
-Load @octokit/core directly from cdn.skypack.dev
-
-```html
-
-```
-
- |
|---|---|
| -Node - |
-
-Install with npm install @octokit/core
-
-```js
-const { Octokit } = require("@octokit/core");
-// or: import { Octokit } from "@octokit/core";
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- options.authStrategy
- |
-
- Function |
-
- Defaults to @octokit/auth-token. See Authentication below for examples.
- |
-
- options.auth
- |
-
- String or Object
- |
- - See Authentication below for examples. - | -
- options.baseUrl
- |
-
- String
- |
- - -When using with GitHub Enterprise Server, set `options.baseUrl` to the root URL of the API. For example, if your GitHub Enterprise Server's hostname is `github.acme-inc.com`, then set `options.baseUrl` to `https://github.acme-inc.com/api/v3`. Example - -```js -const octokit = new Octokit({ - baseUrl: "https://github.acme-inc.com/api/v3", -}); -``` - - |
- options.previews
- |
-
- Array of Strings
- |
- - -Some REST API endpoints require preview headers to be set, or enable -additional features. Preview headers can be set on a per-request basis, e.g. - -```js -octokit.request("POST /repos/{owner}/{repo}/pulls", { - mediaType: { - previews: ["shadow-cat"], - }, - owner, - repo, - title: "My pull request", - base: "master", - head: "my-feature", - draft: true, -}); -``` - -You can also set previews globally, by setting the `options.previews` option on the constructor. Example: - -```js -const octokit = new Octokit({ - previews: ["shadow-cat"], -}); -``` - - |
- options.request
- |
-
- Object
- |
- - -Set a default request timeout (`options.request.timeout`) or an [`http(s).Agent`](https://nodejs.org/api/http.html#http_class_http_agent) e.g. for proxy usage (Node only, `options.request.agent`). - -There are more `options.request.*` options, see [`@octokit/request` options](https://github.com/octokit/request.js#request). `options.request` can also be set on a per-request basis. - - |
- options.timeZone
- |
-
- String
- |
- - -Sets the `Time-Zone` header which defines a timezone according to the [list of names from the Olson database](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). - -```js -const octokit = new Octokit({ - timeZone: "America/Los_Angeles", -}); -``` - -The time zone header will determine the timezone used for generating the timestamp when creating commits. See [GitHub's Timezones documentation](https://developer.github.com/v3/#timezones). - - |
- options.userAgent
- |
-
- String
- |
- - -A custom user agent string for your app or library. Example - -```js -const octokit = new Octokit({ - userAgent: "my-app/v1.2.3", -}); -``` - - |
| -Browsers - |
-Load @octokit/endpoint directly from cdn.skypack.dev
-
-```html
-
-```
-
- |
|---|---|
| -Node - |
-
-Install with npm install @octokit/endpoint
-
-```js
-const { endpoint } = require("@octokit/endpoint");
-// or: import { endpoint } from "@octokit/endpoint";
-```
-
- |
| - name - | -- type - | -- description - | -
|---|---|---|
- route
- |
- - String - | -
- If set, it has to be a string consisting of URL and the request method, e.g., GET /orgs/{org}. If it’s set to a URL, only the method defaults to GET.
- |
-
- options.method
- |
- - String - | -
- Required unless route is set. Any supported http verb. Defaults to GET.
- |
-
- options.url
- |
- - String - | -
- Required unless route is set. A path or full URL which may contain :variable or {variable} placeholders,
- e.g., /orgs/{org}/repos. The url is parsed using url-template.
- |
-
- options.baseUrl
- |
- - String - | -
- Defaults to https://api.github.com.
- |
-
- options.headers
- |
- - Object - | -
- Custom headers. Passed headers are merged with defaults: - headers['user-agent'] defaults to octokit-endpoint.js/1.2.3 (where 1.2.3 is the released version).- headers['accept'] defaults to application/vnd.github.v3+json.- |
-
- options.mediaType.format
- |
- - String - | -
- Media type param, such as raw, diff, or text+json. See Media Types. Setting options.mediaType.format will amend the headers.accept value.
- |
-
- options.mediaType.previews
- |
- - Array of Strings - | -
- Name of previews, such as mercy, symmetra, or scarlet-witch. See API Previews. If options.mediaType.previews was set as default, the new previews will be merged into the default ones. Setting options.mediaType.previews will amend the headers.accept value. options.mediaType.previews will be merged with an existing array set using .defaults().
- |
-
- options.data
- |
- - Any - | -
- Set request body directly instead of setting it to JSON based on additional parameters. See "The data parameter" below.
- |
-
- options.request
- |
- - Object - | -
- Pass custom meta information for the request. The request object will be returned as is.
- |
-
| - key - | -- type - | -- description - | -
|---|---|---|
method |
- String | -The http method. Always lowercase. | -
url |
- String | -The url with placeholders replaced with passed parameters. | -
headers |
- Object | -All header names are lowercased. | -
body |
- Any | -The request body if one is present. Only for PATCH, POST, PUT, DELETE requests. |
-
request |
- Object | -Request meta option, it will be returned as it was passed into endpoint() |
-