Search code examples
javascriptnode.jsgithubgithub-apigithub-api-v3

GitHub API 401 Bad Credentials in Node but not curl

I'm trying to authenticate on Enterprise GitHub with @octokit/rest. If I use the following Curl I get a list of the API's URL's:

curl -u "[email protected]" https://api.github.<my domain>.com

when I run that I am prompted for a password where I enter my personal access token.

However, If I use the same details in my node application I get a 401 Bad Credentials response. This is how I'm configuring my authentication:

octokit.authenticate({
  baseUrl: 'https://api.github.<my domain>.com', 
  type: 'basic',
  username: '[email protected]',
  password: '<my personal access token>'
});

Based on the documentation I believe this should work. can anybody advise why it doesn't?

This is the full HTTP response I get:

{ HttpError: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
    at response.text.then.message (/node_modules/@octokit/rest/lib/request/request.js:72:19)
    at <anonymous>
    at process._tickCallback (internal/process/next_tick.js:188:7)
  name: 'HttpError',
  code: 401,
  status: undefined,
  headers: 
   { 'access-control-allow-origin': '*',
     'access-control-expose-headers': 'ETag, Link, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval',
     connection: 'close',
     'content-length': '83',
     'content-security-policy': 'default-src \'none\'',
     'content-type': 'application/json; charset=utf-8',
     date: 'Mon, 10 Sep 2018 13:20:12 GMT',
     'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
     server: 'GitHub.com',
     status: '401 Unauthorized',
     'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
     'x-content-type-options': 'nosniff',
     'x-frame-options': 'deny',
     'x-github-media-type': 'github.v3; format=json',
     'x-github-request-id': 'C8BA:76CE:24B2BB3:45F82A2:5B966F8B',
     'x-ratelimit-limit': '10',
     'x-ratelimit-remaining': '9',
     'x-ratelimit-reset': '1536585672',
     'x-runtime-rack': '0.039959',
     'x-xss-protection': '1; mode=block' } }

Addtional Information

This seems to be where my issue occurs:

let response = await method({
    q: "repo:" + repoOrg + "/" + repoName + " is:issue",
    per_page: 100
  });

This is similar to the example on the npm page. Is it in some way possible the authentication isn't getting appliet to this and if so how do I ensure it does get applied?

Solution

  • The .authenticate method does not accept a baseUrl parameter. You have to add it to the Octokit constructor, see https://github.com/octokit/rest.js#client-options

    Here's an example from my code:

    const octokit = require('@octokit/rest')({
  baseUrl: 'https://api.github.<my domain>.com'
})
octokit.authenticate({
  type: 'basic',
  username: '[email protected]',
  password: '<my personal access token>'
});