Skip to content

Latest commit

 

History

History
87 lines (63 loc) · 3.09 KB

githuboauth.md

File metadata and controls

87 lines (63 loc) · 3.09 KB

GitHub

EveryAuth is the easiest way for your app to access GitHub APIs. Make sure to follow the EveryAuth setup instructions before adding GitHub support to your app.

Authorize access to GitHub

Add the following route to your Express app using EveryAuth middleware:

import everyauth from "@fusebit/everyauth-express";

// Add support for users to authorize access to GitHub APIs
router.use(
  "/githuboauth",
  everyauth.authorize("githuboauth", {
    finishedUrl: "/githuboauth/finished",
    mapToUserId: async (req) => "user-123", // req.user.id in production
  })
);

router.get("/githuboauth/finished", (req, res) => {
  res.send("Thank you for authorizing access to GitHub!");
});

When you want users of your app to authorize access to GitHub so that your app can call GitHub APIs on their behalf, redirect their browser to the /githuboauth endpoint above.

Call GitHub APIs

After a user has authorized your app to call GitHub APIs, you can use any Node.js SDK to make the call. EveryAuth recommends you use the octokit npm module.

First, use EveryAuth to resolve the identifier of the user of your app to GitHub credentials:

import everyauth from "@fusebit/everyauth-express";

// Get GitHub credentials for a specific user of your app
const userId = "user-123"; // req.user.id in production
const userCredentials = await everyauth.getIdentity("githuboauth", userId);

The GitHub credential returned has the following schema:

{
  "accessToken": "gho_...", // Current access token to GitHub APIs
  "native": {
    "scope": "public_repo,user", // Scopes that were granted
    "timestamp": 1649809787188, // Time the credential was established
    "access_token": "gho_..." // Current access token to GitHub APIs
  },
}

Then, instantiate the GitHub client and make the API calls you want:

import { Octokit as Client } from "octokit";

// Create GitHub SDK
const githubClient = new Client({ auth: userCredentials.accessToken });

// Call GitHub API
const { data } = await githubClient.rest.users.getAuthenticated();

Configure GitHub service

The shared GitHub OAuth client that EveryAuth provides out of the box supports basic permissions that allow you to call GitHub APIs right away. The following OAuth scopes are included:

  • user
  • public_repo

If you need to address more advanced scenarios, you need to create your own OAuth client and configure EveryAuth to use it. First create an OAuth application in GitHub, and then use the EveyAuth CLI to configure the GitHub service to use it:

everyauth service set githuboauth \
  --scope "{your-scopes}" \
  --clientId "{your-client-id}" \
  --clientSecret "{your-client-secret}

Resources

Introduction to EveryAuth
The octokit npm module
Create GitHub OAuth application
Fusebit