Search code examples
gitgithubaccess-tokengithub-api

Get a token by Github API

I manually created a token in Github -> Settings -> Personal access tokens -> Generate new token and chose only repo scope.

This token works fine, so with it I can push into organization I have write privileges.

Then I want to do the same (get an access_token) by github-api.

params = dict(client_id=client_id,
              client_secret=client_secret,
              code=code)

url = url_concat("https://github.com/login/oauth/access_token", params)

req = HTTPRequest(url,
                  method="POST",
                  headers={"Accept": "application/json"},
                  body="")

As a result I have such json:

{
    'scope': 'repo',
    'token_type': 'bearer',
    'access_token': 'xxxxxxxx10755fbb6c281e92902ed122144886c5'
}

It is as everything correct, but I can't push into organization repos where I have write privileges. I can push only into my own repos.

Could you help? Any idea where is a mistake or inaccuracy is welcome.

Solution

  • So if you want to do this via GitHub's API, your request needs to change.

    First you need to be using the /authorizations endpoint like so:

    POST /authorizations
Authorization: Basic ...
Content-Type: application/json
Content-Length: ...

{
  "scopes": [
    "repo",
    "write:org"
  ],
  "note": "Example from StackOverflow by @sigmavirus24",
  "client_id": "Your client_id here",
  "client_secret": "Your client_secret here",
  "fingerprint": "1234",
}

    This should then return a 201 Created response with a body like so:

    {
  "id": 72249124,
  "url": "https://api.github.com/authorizations/72249124",
  "scopes": [
    "repo",
    "write:org"
  ],
  "token": "abcdefgh12345678",
  "token_last_eight": "12345678",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "abcde12345fghij67890"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2017-02-08T20:39:23Z",
  "created_at": "2017-02-08T17:26:27Z",
  "fingerprint": "1234"
}

    Except it will be real.

    That said, it appears that you're trying to use the endpoint that allows GitHub to be used as an authentication provider. In other words, you're building an application that allows users to sign-in with GitHub. If that's the case, then you need to specifically follow the Web Application Flow for OAuth.

    In that case, you're part of the way there but you're sending the wrong parameters.

    First you make a GET request:

    GET https://github.com/login/oauth/authorize?client_id=<your-client_id>&scopes=repo%20write:org&state=something-random

    Then you will receive data back from GitHub which you must use in your POST

    POST https://github.com/login/oauth/access_token?client_id=<your-client_id>&client_secret=<your-client_secret>&code=<code-from-github>
Accept: application/json

    After that, any request you make must have

    Authorization: token <token-received-in-response-to-POST>

    Cheers!