
Revoking a GitHub app's authorization 404 not found error


I'm looking to access an endpoint that lets me revoke my GitHub app's authorization. I'm quite confused on the issue, because:

  1. There are 3 different endpoints, none of which seem to be listed in the valid endpoints when you access api.github.com:

     I've tried using all 3 of them, but all of them gave me 404 errors.

  2. In 2 of the endpoints listed above, it says that:

You must use Basic Authentication when accessing this endpoint, using the application's client_id and client_secret as the username and password.

However, none of the code examples for them include client_secret, always just client_id.

I'm using RestAPI to do my calls. Here's my code:

        chrome.storage.local.get(["github_token"]).then((result) => {
            let token = result.github_token;
            if (token) {
                let client_id = import.meta.env.VITE_CLIENT_ID
                const URL = `https://api.github.com/applications/${client_id}/grant`;    
                const xhr = new XMLHttpRequest();
                xhr.addEventListener('readystatechange', function () {
                    if (xhr.readyState === 4) {
                        if (xhr.status === 204) {
                            console.log("logged out")
                            navigate('/auth')
                        } else {
                            console.log("awww fuck")
                        }
                    }
                });
                xhr.open('DELETE', URL, true);
                xhr.setRequestHeader('Authorization', `token ${token}`);
                xhr.setRequestHeader('Accept', 'application/vnd.github.v3+json');
                xhr.send();
            } else {
                // smth went wrong
            }
        })

Solution

  • I was having the same issue in a Node.js API. After doing some research and testing, I found the way: sending client_id and client_secret as Basic authentication in the header, instead of Bearer with access_token, and the access_token as data in the DELETE request.

    I can provide a code snippet in JavaScript using Axios that might help:

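    import axios from 'axios';

    // CLIENT_ID_GITHUB, CLIENT_SECRET_GITHUB and access_token are assumed to be
    // defined by the surrounding code.
    const revokeAccess = await axios.delete(
      `https://api.github.com/applications/${CLIENT_ID_GITHUB}/grant`,
      {
        headers: {
          // Authenticate as the application (client_id:client_secret), not as the user.
          Authorization: `Basic ${Buffer.from(CLIENT_ID_GITHUB + ':' + CLIENT_SECRET_GITHUB).toString('base64')}`,
          Accept: 'application/vnd.github+json',
          'X-GitHub-Api-Version': '2022-11-28',
        },
        // The user's token whose grant is being revoked goes in the request body.
        data: {
          access_token: access_token,
        }
      }
    );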
    

    Give this a try, and let me know if it helps resolve your issue!
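
The answer's request needs the client secret, so it belongs on a server that the extension calls rather than in the extension bundle, where anything exposed through a `VITE_`-prefixed variable ships to the client. An added example of that server-side call (not code from the question or the answer; the function names and the injectable `fetchImpl` are assumptions, and Node.js 18+ is assumed for the global `fetch`):

```javascript
// Added example for a Node.js 18+ backend; function names are hypothetical.
const GITHUB_API = 'https://api.github.com';

// Build the DELETE /applications/{client_id}/grant request from the answer:
// the app authenticates with Basic auth, the user's token travels in the body.
function buildRevokeGrantRequest(clientId, clientSecret, accessToken) {
  const inputs = { clientId, clientSecret, accessToken };
  for (const [name, value] of Object.entries(inputs)) {
    if (typeof value !== 'string' || value.length === 0) {
      throw new TypeError(`${name} must be a non-empty string`);
    }
  }
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString('base64');
  return {
    url: `${GITHUB_API}/applications/${encodeURIComponent(clientId)}/grant`,
    init: {
      method: 'DELETE',
      headers: {
        Authorization: `Basic ${basic}`,
        Accept: 'application/vnd.github+json',
        'X-GitHub-Api-Version': '2022-11-28',
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ access_token: accessToken }),
    },
  };
}

// Interpret the two status codes that appear on this page.
function describeRevokeStatus(status) {
  if (status === 204) return 'revoked';
  if (status === 404) return 'not-found';
  return `unexpected-${status}`;
}

// fetchImpl is injectable so the call can be exercised without network access.
async function revokeGrant(creds, accessToken, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRevokeGrantRequest(
    creds.clientId, creds.clientSecret, accessToken);
  const res = await fetchImpl(url, init);
  return describeRevokeStatus(res.status);
}
```

A `not-found` result here corresponds to the 404 the question reports when the user token is sent in the `Authorization` header instead of the app's Basic credentials.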