Fetching latest commit…
auth.js
GitHub API authentication library for browsers and Node.js
GitHub supports 4 authentication strategies. They are all implemented in @octokit/auth.
- Example usage
- Comparison
- Token authentication
- Basic and personal access token authentication
- GitHub App or installation authentication
- OAuth app and OAuth access token authentication
- GitHub Action authentication
- License
Example usage
| Browsers |
Load <script type="module">
import {
createBasicAuth,
createAppAuth,
createOAuthAppAuth,
createTokenAuth,
} from "https://cdn.pika.dev/@octokit/auth";
</script> |
|---|---|
| Node |
Install with const {
createBasicAuth,
createAppAuth,
createOAuthAppAuth,
createTokenAuth,
createActionAuth,
} = require("@octokit/auth");
// or:
// import {
// createBasicAuth,
// createAppAuth,
// createOAuthAppAuth,
// createTokenAuth,
// createActionAuth
// } from "@octokit/auth"; |
const auth = createBasicAuth({
username: "monatheoctocat",
password: "secret",
on2Fa() {
return prompt("Two-factor authentication Code:");
},
});Each function exported by @octokit/auth returns an async auth function.
The auth function resolves with an authentication object. If multiple authentication types are supported, a type parameter can be passed.
const { token } = await auth({ type: "token" });Additionally, auth.hook() can be used to directly hook into @octokit/request. If multiple authentication types are supported, the right authentication type will be applied automatically based on the request URL.
const requestWithAuth = request.defaults({
request: {
hook: auth.hook,
},
});
const { data: authorizations } = await requestWithAuth("GET /authorizations");Comparison
| Module | Strategy Options | Auth Options | Authentication objects | ||
|---|---|---|---|---|---|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
| |
|
|
|
|
| ||
Token authentication
Example
const auth = createTokenAuth("1234567890abcdef1234567890abcdef12345678");
const { token, tokenType } = await auth();See @octokit/auth-token for more details.
Basic and personal access token authentication
Example
const auth = createBasicAuth({
username: "octocat",
password: "secret",
async on2Fa() {
// prompt user for the one-time password retrieved via SMS or authenticator app
return prompt("Two-factor authentication Code:");
},
});
const { token } = await auth();
const { totp } = await auth({
type: "basic",
});See @octokit/auth-basic for more details.
GitHub App or installation authentication
Example
const auth = createAppAuth({
id: 1,
privateKey: "-----BEGIN RSA PRIVATE KEY-----\n...",
});
const appAuthentication = await auth({ type: "auth" });
const installationAuthentication = await auth({
type: "installation",
installationId: 123,
});See @octokit/auth-app for more details.
OAuth app and OAuth access token authentication
Example
const auth = createOAuthAppAuth({
clientId: "1234567890abcdef1234",
clientSecret: "1234567890abcdef1234567890abcdef12345678",
code: "random123", // code from OAuth web flow, see https://git.io/fhd1D
});
const appAuthentication = await auth({
type: "oauth-app",
url: "/orgs/:org/repos",
});
const tokenAuthentication = await auth({ type: "token" });See @octokit/auth-oauth-app for more details.
GitHub Action authentication
Example
// expects process.env.GITHUB_ACTION and process.env.GITHUB_TOKEN to be set
const auth = createActionAuth();
const { token } = await auth();See @octokit/auth-action for more details.