通过Github API获取令牌

Question

我手动创建了一个令牌Github -> Settings -> Personal access tokens -> Generate new token并仅选择了repo scope.

这个令牌工作正常,所以有了它,我可以进入我有write权限的组织.

然后我想做同样的事情(得到一个access_token)github-api.

params = dict(client_id=client_id,
              client_secret=client_secret,
              code=code)

url = url_concat("https://github.com/login/oauth/access_token", params)

req = HTTPRequest(url,
                  method="POST",
                  headers={"Accept": "application/json"},
                  body="") 

结果我有这样的json:

{
    'scope': 'repo',
    'token_type': 'bearer',
    'access_token': 'xxxxxxxx10755fbb6c281e92902ed122144886c5'
}

这一切都是正确的,但我不能进入我有write权限的组织回购.我只能推进自己的回购.

你能帮忙吗？任何想法错误或不准确的地方都是受欢迎的.

Answer 1

因此,如果您想通过GitHub的API执行此操作,您的请求需要更改.

首先,您需要像这样使用/authorizations端点:

POST /authorizations
Authorization: Basic ...
Content-Type: application/json
Content-Length: ...

{
  "scopes": [
    "repo",
    "write:org"
  ],
  "note": "Example from StackOverflow by @sigmavirus24",
  "client_id": "Your client_id here",
  "client_secret": "Your client_secret here",
  "fingerprint": "1234",
}

然后应该返回一个201 Created像这样的正文的响应:

{
  "id": 72249124,
  "url": "https://api.github.com/authorizations/72249124",
  "scopes": [
    "repo",
    "write:org"
  ],
  "token": "abcdefgh12345678",
  "token_last_eight": "12345678",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "abcde12345fghij67890"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2017-02-08T20:39:23Z",
  "created_at": "2017-02-08T17:26:27Z",
  "fingerprint": "1234"
}

除非它是真实的.

也就是说,您似乎正在尝试使用允许GitHub用作身份验证提供程序的端点.换句话说,您正在构建一个允许用户使用GitHub登录的应用程序.如果是这种情况,那么您需要专门遵循OAuth的Web应用程序流程.

在这种情况下,你是那里的一部分,但你发送错误的参数.

首先你提出一个GET请求:

GET https://github.com/login/oauth/authorize?client_id=<your-client_id>&scopes=repo%20write:org&state=something-random

然后,您将从GitHub接收数据,您必须在POST中使用

POST https://github.com/login/oauth/access_token?client_id=<your-client_id>&client_secret=<your-client_secret>&code=<code-from-github>
Accept: application/json

之后,您提出的任何要求都必须具备

Authorization: token <token-received-in-response-to-POST>

干杯!