英文:
How do I authenticate with a GitHub app on behalf of a user using the device flow?
问题
我所做的事情(文档):
-
创建一个应用程序(https://github.com/settings/apps)
-
登录
$ curl -X POST \ -H 'Accept: application/json' \ 'https://github.com/login/device/code?client_id=...' {"device_code":"...","user_code":"...","verification_uri":"https://github.com/login/device",...} // 在https://github.com/login/device上授权应用 $ curl -X POST \ -H 'Accept: application/json' \ 'https://github.com/login/oauth/access_token?client_id=...&device_code=...&grant_type=urn:ietf:params:oauth:grant-type:device_code' {"access_token":"...", ...} -
发起请求
$ curl -L -H 'Accept: application/vnd.github+json' \ -H 'Authorization: Bearer ...' \ -H 'X-GitHub-Api-Version: 2022-11-28' \ https://api.github.com/repos/x-yuri/test-pub-repo/keys {"message": "Resource not accessible by integration",...} $ curl -L -H 'Accept: application/vnd.github+json' \ -H 'Authorization: Bearer ...' \ -H 'X-GitHub-Api-Version: 2022-11-28' \ https://api.github.com/repos/x-yuri/test-private-repo/keys {"message": "Not Found", ...}
我正在使用我的个人账户(GitHub Free)。
英文:
What I do (the docs):
-
Create an app (https://github.com/settings/apps)
- GitHub App name:
some-unique-name - Homepage URL: https://example.com (yeah, example.com, because I only need access to GitHub API from CLI, any better ideas?)
- check Enable Device Flow
- uncheck Active in the Webhooks section
- repository permissions: Administration: read and write (which also adds Metadata: read-only)
- GitHub App name:
-
Log in
$ curl -X POST \ -H 'Accept: application/json' \ 'https://github.com/login/device/code?client_id=...' {"device_code":"...","user_code":"...","verification_uri":"https://github.com/login/device",...} // authorize the app at https://github.com/login/device $ curl -X POST \ -H 'Accept: application/json' \ 'https://github.com/login/oauth/access_token?client_id=...&device_code=...&grant_type=urn:ietf:params:oauth:grant-type:device_code' {"access_token":"...", ...} -
Make a request
$ curl -L -H 'Accept: application/vnd.github+json' \ -H 'Authorization: Bearer ...' \ -H 'X-GitHub-Api-Version: 2022-11-28' \ https://api.github.com/repos/x-yuri/test-pub-repo/keys {"message": "Resource not accessible by integration",...} $ curl -L -H 'Accept: application/vnd.github+json' \ -H 'Authorization: Bearer ...' \ -H 'X-GitHub-Api-Version: 2022-11-28' \ https://api.github.com/repos/x-yuri/test-private-repo/keys {"message": "Not Found", ...}
I'm using my personal account (GitHub Free).
What am I missing?
答案1
得分: 1
缺失的部分是安装GitHub应用程序。安装应用程序会赋予应用程序在创建时指定的权限。结果的权限是用户(授权应用程序的用户)和应用程序的权限的交集:
同样,用户访问令牌只能访问用户和应用程序都可以访问的资源。例如,如果应用程序被授予对存储库A和B的访问权限,而用户可以访问存储库B和C,那么用户访问令牌只能访问存储库B,而不能访问A或C。
如何操作可以在此处找到a。
英文:
The missing part was installing the GitHub app. Installing an app gives the app the permissions specified when creating the app. And the resulting permissions are intersection of the user's (who authorizes the app) and app's permissions:
> Similarly, a user access token can only access resources that both the user and app can access. For example, if an app is granted access to repository A and B, and the user can access repository B and C, the user access token can access repository B but not A or C.
A howto can be found here.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论