diff --git a/README.md b/README.md index bd37a056a..e05f8a73d 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,16 @@ Connect-GitHubAccount -Host 'https://msx.ghe.com' ✓ Logged in as octocat! ``` +#### Using a different GitHub App for issuing User access tokens + +Instead of using our default GitHub App, you can use a different GitHub App to issue user access tokens. +You can use the `-ClientID` parameters to specify the app you want to use. + +```powershell +Connect-GitHubAccount -Host 'https://msx.ghe.com' -ClientID 'lv123456789' +✓ Logged in as octocat! +``` + ### Command Exploration Familiarize yourself with the available cmdlets using the module's comprehensive documentation or inline help. diff --git a/src/functions/private/Config/Reset-GitHubConfig.ps1 b/src/functions/private/Config/Reset-GitHubConfig.ps1 index 9586c2137..45204cb0e 100644 --- a/src/functions/private/Config/Reset-GitHubConfig.ps1 +++ b/src/functions/private/Config/Reset-GitHubConfig.ps1 @@ -33,8 +33,11 @@ AccessToken = [securestring]::new() AccessTokenExpirationDate = [datetime]::MinValue AccessTokenType = '' + AuthClientID = $null AuthType = '' + ClientID = '' DeviceFlowType = '' + HostName = '' RefreshToken = [securestring]::new() RefreshTokenExpirationDate = [datetime]::MinValue Scope = '' @@ -47,8 +50,11 @@ AccessTokenType = '' ApiBaseUri = 'https://api.github.com' ApiVersion = '2022-11-28' + AuthClientID = $null AuthType = '' + ClientID = '' DeviceFlowType = '' + HostName = '' Owner = '' RefreshToken = [securestring]::new() RefreshTokenExpirationDate = [datetime]::MinValue diff --git a/src/functions/public/API/Invoke-GitHubAPI.ps1 b/src/functions/public/API/Invoke-GitHubAPI.ps1 index eda8c93f0..761fa8532 100644 --- a/src/functions/public/API/Invoke-GitHubAPI.ps1 +++ b/src/functions/public/API/Invoke-GitHubAPI.ps1 
@@ -136,6 +136,8 @@ } try { + Write-Verbose "Calling GitHub API with the following parameters:" + Write-Verbose ($APICall | ConvertFrom-HashTable | Format-List | Out-String) Invoke-RestMethod @APICall | ForEach-Object { $statusCode = $APICallStatusCode | ConvertTo-Json -Depth 100 | ConvertFrom-Json $responseHeaders = $APICallResponseHeaders | ConvertTo-Json -Depth 100 | ConvertFrom-Json diff --git a/src/functions/public/Auth/Connect-GitHubAccount.ps1 b/src/functions/public/Auth/Connect-GitHubAccount.ps1 index 2bc83ed2d..3cbe84c88 100644 --- a/src/functions/public/Auth/Connect-GitHubAccount.ps1 +++ b/src/functions/public/Auth/Connect-GitHubAccount.ps1 @@ -80,15 +80,15 @@ [Alias('PAT')] [switch] $AccessToken, - # The client ID for the GitHub App. + # The client ID for the GitHub App to use for authentication. + [Parameter(ParameterSetName = 'UAT')] [Parameter( Mandatory, ParameterSetName = 'App' )] - [Parameter(ParameterSetName = 'UAT')] [string] $ClientID, - # The private key for the GitHub App. + # The private key for the GitHub App when authenticating as a GitHub App. [Parameter( Mandatory, ParameterSetName = 'App' 
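Review bot: The added `Write-Verbose ($APICall | ConvertFrom-HashTable | Format-List | Out-String)` in Invoke-GitHubAPI.ps1 writes every request parameter to the verbose stream. `$APICall` is built outside this hunk, so anything it carries (a token, an Authorization header, a request body) would land in CI logs or transcripts whenever `-Verbose` is on. Log a redacted copy instead, for example `$logCall = $APICall.Clone(); 'Token', 'Headers', 'Body' | ForEach-Object { $logCall.Remove($_) }`, and pass `$logCall` to the verbose line. The `try` block continues past the end of the hunk.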
@@ -135,12 +135,12 @@ Write-Debug "GitHub token: [$gitHubToken]" $gitHubTokenPresent = $gitHubToken.count -gt 0 -and -not [string]::IsNullOrEmpty($gitHubToken) Write-Debug "GitHub token present: [$gitHubTokenPresent]" - $AuthType = if ($gitHubTokenPresent) { 'sPAT' } else { $PSCmdlet.ParameterSetName } + $AuthType = if ($gitHubTokenPresent) { 'IAT' } else { $PSCmdlet.ParameterSetName } Write-Verbose "AuthType: [$AuthType]" switch ($AuthType) { 'UAT' { Write-Verbose 'Logging in using device flow...' - $authClientID = $ClientID ?? $script:Auth.$Mode.ClientID + $authClientID = $ClientID ?? (Get-GitHubConfig -Name 'AuthClientID') ?? $script:Auth.$Mode.ClientID if ($Mode -ne (Get-GitHubConfig -Name 'DeviceFlowType' -ErrorAction SilentlyContinue)) { Write-Verbose "Using $Mode authentication..." $tokenResponse = Invoke-GitHubDeviceFlowLogin -ClientID $authClientID -Scope $Scope -HostName $HostName @@ -189,8 +189,10 @@ AccessTokenType = $tokenResponse.access_token -replace '_.*$', '_*' ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion + AuthClientID = $authClientID AuthType = $AuthType DeviceFlowType = $Mode + HostName = $HostName RefreshToken = ConvertTo-SecureString -AsPlainText $tokenResponse.refresh_token RefreshTokenExpirationDate = (Get-Date).AddSeconds($tokenResponse.refresh_token_expires_in) Scope = $tokenResponse.scope @@ -202,8 +204,10 @@ AccessTokenType = $tokenResponse.access_token -replace '_.*$', '_*' ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion + AuthClientID = $authClientID AuthType = $AuthType DeviceFlowType = $Mode + HostName = $HostName Scope = $tokenResponse.scope } } @@ -228,6 +232,7 @@ ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion AuthType = $AuthType + HostName = $HostName } Set-GitHubConfig @settings break 
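Review bot: In the 'UAT' branch, `$ClientID ?? (Get-GitHubConfig -Name 'AuthClientID') ?? $script:Auth.$Mode.ClientID` cannot reach its fallbacks when `-ClientID` is omitted, unless `$ClientID` is reset to `$null` somewhere outside the hunk. The parameter is declared `[string]`, an unbound string parameter is `''`, and `??` only falls through on `$null`, so the device flow would start with an empty client ID instead of the stored or default app. Pick the first non-empty value instead, e.g. `$authClientID = $ClientID, (Get-GitHubConfig -Name 'AuthClientID'), $script:Auth.$Mode.ClientID | Where-Object { $_ } | Select-Object -First 1`. The stored value has the same problem: Set-GitHubConfig declares `[string] $AuthClientID`, so the `$null` default from Reset-GitHubConfig is likely to come back as an empty string.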
@@ -235,17 +240,19 @@ 'App' { Write-Verbose 'Logging in as a GitHub App...' Reset-GitHubConfig -Scope 'Auth' - $jwt = Get-GitHubAppJWT -ClientID $ClientID -PrivateKey $PrivateKey + $jwt = Get-GitHubAppJWT -ClientId $ClientID -PrivateKey $PrivateKey $settings = @{ AccessToken = ConvertTo-SecureString -AsPlainText $jwt AccessTokenType = 'JWT' ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion AuthType = $AuthType + ClientID = $ClientID + HostName = $HostName } Set-GitHubConfig @settings } - 'sPAT' { + 'IAT' { Write-Verbose 'Logging in using GitHub access token...' Reset-GitHubConfig -Scope 'Auth' $prefix = $gitHubToken -replace '_.*$', '_*' @@ -254,7 +261,9 @@ AccessTokenType = $prefix ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion - AuthType = 'sPAT' + AuthType = 'IAT' + ClientID = $ClientID + HostName = $HostName } Set-GitHubConfig @settings } @@ -265,7 +274,7 @@ $app = Get-GitHubApp $username = $app.slug } - 'sPAT' { + 'IAT' { $username = 'system' } default { diff --git a/src/functions/public/Config/Get-GitHubConfig.ps1 b/src/functions/public/Config/Get-GitHubConfig.ps1 index 00e510ac9..64108ac39 100644 --- a/src/functions/public/Config/Get-GitHubConfig.ps1 +++ b/src/functions/public/Config/Get-GitHubConfig.ps1 @@ -21,22 +21,25 @@ function Get-GitHubConfig { # Choose a configuration name to get. [Parameter()] [ValidateSet( + 'All', 'AccessToken', 'AccessTokenExpirationDate', 'AccessTokenType', 'ApiBaseUri', 'ApiVersion', + 'AuthClientID', 'AuthType', + 'ClientID', 'DeviceFlowType', + 'HostName', 'Owner', 'RefreshToken', 'RefreshTokenExpirationDate', 'Repo', + 'Scope', 'SecretVaultName', 'SecretVaultType', - 'Scope', - 'UserName', - 'All' + 'UserName' )] [string] $Name = 'All' ) diff --git a/src/functions/public/Config/Set-GitHubConfig.ps1 b/src/functions/public/Config/Set-GitHubConfig.ps1 index b8cb3e567..ae346f9eb 100644 --- a/src/functions/public/Config/Set-GitHubConfig.ps1 +++ b/src/functions/public/Config/Set-GitHubConfig.ps1 
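Review bot: The `ClientID = $ClientID` entry added to the 'IAT' settings stores a client ID beside a token it did not issue. That branch is selected whenever `$gitHubTokenPresent` is true, regardless of the parameter set, so a `-ClientID` passed for an App or UAT login is recorded against the detected `$gitHubToken`. Any later code that reads `ClientID` from config could then treat the session as belonging to that app. Drop the line from the 'IAT' block (Reset-GitHubConfig appears to leave the key at `''` already), or add a comment saying why it is kept. The `switch` starts and ends outside these hunks.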
@@ -41,14 +41,24 @@ function Set-GitHubConfig { [Parameter()] [string] $ApiVersion, + # Set the authentication client ID. + [Parameter()] + [string] $AuthClientID, + # Set the authentication type. [Parameter()] [string] $AuthType, + # Set the client ID. + [string] $ClientID, + # Set the device flow type. [Parameter()] [string] $DeviceFlowType, + # Set the API hostname. + [string] $HostName, + # Set the default for the Owner parameter. [Parameter()] [string] $Owner, @@ -90,15 +100,18 @@ function Set-GitHubConfig { AccessTokenType = $AccessTokenType ApiBaseUri = $ApiBaseUri ApiVersion = $ApiVersion + AuthClientID = $AuthClientID AuthType = $AuthType + ClientID = $ClientID DeviceFlowType = $DeviceFlowType + HostName = $HostName Owner = $Owner "$prefix`RefreshToken" = $RefreshToken RefreshTokenExpirationDate = $RefreshTokenExpirationDate Repo = $Repo + Scope = $Scope SecretVaultName = $SecretVaultName SecretVaultType = $SecretVaultType - Scope = $Scope UserName = $UserName }
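Review bot: The new `$ClientID` and `$HostName` parameters in Set-GitHubConfig lack the `[Parameter()]` attribute that the neighbouring parameters carry, including the new `$AuthClientID`. Add `[Parameter()]` above `[string] $ClientID` and `[string] $HostName` for consistency. The comments `# Set the authentication client ID.` and `# Set the client ID.` also do not say how the two values differ. Judging by the Connect-GitHubAccount hunks, `AuthClientID` is the app used for the device flow and `ClientID` is the app identity for App logins, so wording such as `# Set the client ID of the app that issued the user access token.` and `# Set the client ID used when authenticating as a GitHub App.` would make them distinguishable.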