npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@octokit/auth-oauth-device

v7.1.1

Published

GitHub OAuth Device authentication strategy for JavaScript

Downloads

4,286,423

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kfcampbellkfcampbellnickfloydnickfloydgr2mgr2moctokitbotoctokitbot

Keywords

githubapisdktoolkit

Readme

auth-oauth-device.js

GitHub OAuth Device authentication strategy for JavaScript

@latest Build Status

@octokit/auth-oauth-device is implementing one of GitHub’s OAuth Device Flow.

Usage

Browsers

Load @octokit/auth-oauth-device directly from esm.sh

<script type="module">
  import { createOAuthDeviceAuth } from "https://esm.sh/@octokit/auth-oauth-device";
</script>

Node

Install with npm install @octokit/core @octokit/auth-oauth-device

import { createOAuthDeviceAuth } from "@octokit/auth-oauth-device";

[!IMPORTANT] As we use conditional exports, you will need to adapt your tsconfig.json by setting "moduleResolution": "node16", "module": "node16".

See the TypeScript docs on package.json "exports". See this helpful guide on transitioning to ESM from @sindresorhus

For OAuth Apps

const auth = createOAuthDeviceAuth({
  clientType: "oauth-app",
  clientId: "1234567890abcdef1234",
  scopes: ["public_repo"],
  onVerification(verification) {
    // verification example
    // {
    //   device_code: "3584d83530557fdd1f46af8289938c8ef79f9dc5",
    //   user_code: "WDJB-MJHT",
    //   verification_uri: "https://github.com/login/device",
    //   expires_in: 900,
    //   interval: 5,
    // };

    console.log("Open %s", verification.verification_uri);
    console.log("Enter code: %s", verification.user_code);
  },
});

const tokenAuthentication = await auth({
  type: "oauth",
});
// resolves with
// {
//   type: "token",
//   tokenType: "oauth",
//   clientType: "oauth-app",
//   clientId: "1234567890abcdef1234",
//   token: "...", /* the created oauth token */
//   scopes: [] /* depend on request scopes by OAuth app */
// }

For GitHub Apps

GitHub Apps do not support scopes. Client IDs of GitHub Apps have a lv1. prefix. If the GitHub App has expiring user tokens enabled, the resulting authentication object has extra properties related to expiration and refreshing the token.

const auth = createOAuthDeviceAuth({
  clientType: "github-app",
  clientId: "lv1.1234567890abcdef",
  onVerification(verification) {
    // verification example
    // {
    //   device_code: "3584d83530557fdd1f46af8289938c8ef79f9dc5",
    //   user_code: "WDJB-MJHT",
    //   verification_uri: "https://github.com/login/device",
    //   expires_in: 900,
    //   interval: 5,
    // };

    console.log("Open %s", verification.verification_uri);
    console.log("Enter code: %s", verification.user_code);
  },
});

const tokenAuthentication = await auth({
  type: "oauth",
});
// resolves with
// {
//   type: "token",
//   tokenType: "oauth",
//   clientType: "github-app",
//   clientId: "lv1.1234567890abcdef",
//   token: "...", /* the created oauth token */
// }
// or if expiring user tokens are enabled
// {
//   type: "token",
//   tokenType: "oauth",
//   clientType: "github-app",
//   clientId: "lv1.1234567890abcdef",
//   token: "...", /* the created oauth token */
//   refreshToken: "...",
//   expiresAt: "2022-01-01T08:00:0.000Z",
//   refreshTokenExpiresAt: "2021-07-01T00:00:0.000Z",
// }

createOAuthDeviceAuth(options)

The createOAuthDeviceAuth method accepts a single options parameter

The onVerification() callback can be used to pause until the user completes step 2, which might result in a better user experience.

const auth = createOAuthDeviceAuth({
  clientId: "1234567890abcdef1234",
  onVerification(verification) {
    console.log("Open %s", verification.verification_uri);
    console.log("Enter code: %s", verification.user_code);

    await prompt("press enter when you are ready to continue");
  },
});

Must be either oauth-app or github-app. Defaults to oauth-app.

import { request } from "@octokit/request";
createOAuthDeviceAuth({
  clientId: "1234567890abcdef1234",
  clientSecret: "secret",
  request: request.defaults({
    baseUrl: "https://ghe.my-company.com/api/v3",
  }),
});

Only relevant if clientType is set to "oauth-app".

Array of scope names enabled for the token. Defaults to []. See available scopes.

auth(options)

The async auth() method returned by createOAuthDeviceAuth(options) accepts the following options

Only relevant if the clientType strategy options was set to "oauth-app"

Array of scope names enabled for the token. Defaults to what was set in the strategy options. See available scopes

Defaults to false. When set to false, calling auth(options) will resolve with a token that was previously created for the same scopes if it exists. If set to true a new token will always be created.

Authentication object

The async auth(options) method resolves to one of three possible objects

  1. OAuth APP user authentication
  2. GitHub APP user authentication with expiring tokens disabled
  3. GitHub APP user authentication with expiring tokens enabled

The differences are

  1. scopes is only present for OAuth Apps
  2. refreshToken, expiresAt, refreshTokenExpiresAt are only present for GitHub Apps, and only if token expiration is enabled

OAuth APP user authentication

GitHub APP user authentication with expiring tokens disabled

GitHub APP user authentication with expiring tokens enabled

auth.hook(request, route, parameters) or auth.hook(request, options)

auth.hook() hooks directly into the request life cycle. It amends the request to authenticate correctly based on the request URL.

The request option is an instance of @octokit/request. The route/options parameters are the same as for the request() method.

auth.hook() can be called directly to send an authenticated request

const { data: user } = await auth.hook(request, "GET /user");

Or it can be passed as option to request().

const requestWithAuth = request.defaults({
  request: {
    hook: auth.hook,
  },
});

const { data: user } = await requestWithAuth("GET /user");

Types

import {
  OAuthAppStrategyOptions,
  OAuthAppAuthOptions,
  OAuthAppAuthentication,
  GitHubAppStrategyOptions,
  GitHubAppAuthOptions,
  GitHubAppAuthentication,
  GitHubAppAuthenticationWithExpiration,
} from "@octokit/auth-oauth-device";

How it works

GitHub's OAuth Device flow is different from the web flow in two ways

  1. It does not require a URL redirect, which makes it great for devices and CLI apps
  2. It does not require the OAuth client secret, which means there is no user-owned server component required.

The flow has 3 parts (see GitHub documentation)

  1. @octokit/auth-oauth-device requests a device and user code
  2. Then the user has to open https://github.com/login/device (or it's GitHub Enterprise Server equivalent) and enter the user code
  3. While the user enters the code, @octokit/auth-oauth-device is sending requests in the background to retrieve the OAuth access token. Once the user completed step 2, the request will succeed and the token will be returned

Contributing

See CONTRIBUTING.md

License

MIT