Skip to content

Backed authentication user-to-server without device flow #455

New issue
New issue
Open
Open
Backed authentication user-to-server without device flow#455
Labels
Status: Up for grabsIssues that are ready to be worked on by anyoneType: SupportAny questions, information, or general needs around the SDK or GitHub APIshacktoberfestIssues for participation in Hacktoberfest
@funes79

Description

@funes79
funes79
opened on Mar 6, 2023

Maybe this questions does not belong here, but anyway I try. I tried to follow example code snippets from README but they are not very clear for me. I was able to authenticate Octokit using the simple auth (Personal Access Token) and using a device flow (Github app). But what I want to achieve is the user-to-server authentication without explicitly redirecting the user to a browser (because I run it in the backend) and without the need to pass the device code.

My GithubApp is already installed in the UserA's repository REPO with also the checkbox "Request user authorization (OAuth) during installation". So my undestanding is that the github app can act onbehalf of UserA in repository REPO. So how can I authenticate my node.js app and run for example a create commit or create issue?

I would like to see the commit/issue be created under "UserA created commit using [app name]"

Thanks!

my attempts:
OAuth - this creates a commit under user UserA. But there is no mention of the app, and it requires the Code input from UserA.

    const auth = createOAuthDeviceAuth({
        clientType: "oauth-app",
        clientId,
        scopes: ["public_repo"],
        onVerification(verification) {      
          console.log("Open %s", verification.verification_uri);
          console.log("Enter code: %s", verification.user_code);
        },
      });

      const tokenAuthentication = await auth({
        type: "oauth",
      });      

      const octokit = new Octokit({
            auth: tokenAuthentication.token, 
        });
       
      // await commit({octokit}) Some stuff

The other attempt, not sure what should I put into the code:

     const appOctokit = new Octokit({
        authStrategy: createAppAuth,
        auth: {
          appId,
          privateKey,
          clientId,
          clientSecret,
          installationId: 32225903
        },
      });

    const userOctokit = await appOctokit.auth({
        type: "oauth-user",
        code: "?? What should I put here??",
        factory: (options) => {
          return new Octokit({
            authStrategy: createOAuthUserAuth,
            auth: options,
          });
        },
      });
    console.log(userOctokit.login);
    const {
        data: { login },
      } = await userOctokit.request("GET /user");
    console.log("Hello, %s!", login);

Metadata

Metadata

Assignees

No one assigned

    Labels

    Status: Up for grabsIssues that are ready to be worked on by anyoneType: SupportAny questions, information, or general needs around the SDK or GitHub APIshacktoberfestIssues for participation in Hacktoberfest

    Type

    No type

    Projects

    🧰 Octokit Active

    Status

    🔥 Backlog

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions