octokit / authentication-strategies.js Goto Github PK

Looking to set up a downloading and web streaming site and connecting it to a e-commerce website and connecting it to archangelust.com

If this is the wrong place to post this issue, happy to post this elsewhere --

I’m trying to instantiate Octokit with authStrategy createAppAuth with an app ID that I’ve retrieved by using the /orgs/{org}/installations endpoint. I used this endpoint by instantiating Octokit using a personal access token.

After listing installed apps, I could see the app in the returned JSON list that I wanted to use for the createAuthApp authStrategy. I copied its app ID from the app_id field.

I then went into the settings for the app and generated a brand new private key.

For testing purposes, I’ve stored my private key in my js file like this:

const privateKey = `
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
`.trim()

I then try to instantiate Octokit with the private key and the app ID.

const appOctokit = new Octokit({
  authStrategy: createAppAuth,
  auth: {
    appId: 1,
    baseUrl, // I'm using this same baseUrl when instantiating with personal access token
    privateKey
  }
});

Then I try to make a request to the /app endpoint with this new instance:

const { data } = await appOctokit.request('/app');
console.log(data);

I get this error, though: RequestError [HttpError]: Integration not found

After creating a private key for an app ID that appears to exist when using the /orgs/{org}/installations endpoint, it appears that I can’t find the app when instantiating with the createAppAuth helper.

Am I doing something wrong here?

Thanks for the help!

In the README there is a strategy called "oauth user client authentication" (https://github.com/octokit/authentication-strategies.js/?tab=readme-ov-file#oauth-user-client-authentication) that allows to authenticate non-secure clients that does not have a clientSecret. There is no work done in the reported repository in the last 3 years.. Is it a wanted feature? I need this for a CLI, is there any other viable option?

🆕🐥☝ First Timers Only.

This issue is reserved for people who never contributed to Open Source before. We know that the process of creating a pull request is the biggest barrier for new contributors. This issue is for you 💝

About First Timers Only.

🤔 What you will need to know.

The Pika CDN is now Skypack, see https://www.pika.dev/cdn. The CDN at https://cdn.pika.dev/ no longer works, all URLs must be replaced with the new CDN: https://cdn.skypack.dev/. We currently recommend using cdn.pika.dev to import the library into the browser, but that no longer works. Replacing it with cdn.skypack.dev will make it work again.

📋 Step by Step

• 🙋 Claim this issue: Comment below.

  More than one person can work on this issue, don't worry if it's already claimed.

• 📝 Update the file \README.md (press the little pen Icon) and edit as shown below:

@@ -31,7 +31,7 @@ GitHub supports 4 authentication strategies. They are all implemented in `@octok
 Browsers
 </th><td width=100%>
 
-Load `@octokit/auth` directly from [cdn.pika.dev](https://cdn.pika.dev)
+Load `@octokit/auth` directly from [cdn.skypack.dev](https://cdn.skypack.dev)
 
 ```html
 <script type="module">
@@ -40,7 +40,7 @@ Load `@octokit/auth` directly from [cdn.pika.dev](https://cdn.pika.dev)
     createAppAuth,
     createOAuthAppAuth,
     createTokenAuth,
-  } from "https://cdn.pika.dev/@octokit/auth";
+  } from "https://cdn.skypack.dev/@octokit/auth";
 </script>
 ```
 

• 💾 Commit your changes

• 🔀 Start a Pull Request. There are two ways how you can start a pull request:

  1. If you are familiar with the terminal or would like to learn it, here is a great tutorial on how to send a pull request using the terminal.
  2. You can edit files directly in your browser

• 🏁 Done Ask for a review :)

If there are more than one pull requests with the correct change, we will merge the first one, but attribute the change to all authors who made the same change using @Co-authored-by, so yo can be sure your contribution will count.

🤔❓ Questions

Leave a comment below!

This issue was created by First-Timers-Bot.

This issue contains a list of Renovate updates and their statuses.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to ignore the schedule.

• fix(deps): lock file maintenance

• Check this box to trigger a request for Renovate to run again on this repository

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two-Factor Authentication, make configure the auth-only level is supported. semantic-release cannot publish with the default auth-and-writes level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Cannot push to the Git repository.

semantic-release cannot push the version tag to the branch master on the remote Git repository with URL https://x-access-token:[secure]@github.com/octokit/auth.js.

This can be caused by:

• a misconfiguration of the repositoryUrl option
• the repository being unavailable
• or missing push permission for the user configured via the Git credentials on your CI environment

Good luck with your project ✨

Your semantic-release bot 📦🚀

see https://github.com/octokit/auth-token.js for reference. The more important bit is the auth.hook() method as it can be directly passed as options.request.hook to @octokit/request and all the Octokit libraries based on it.

Not sure what people would build as I think I covered all necessary authentication methods, but who knows :)

See https://docs.github.com/en/developers/apps/authorizing-oauth-apps#device-flow. The OAuth device flow was introduced with GHES 2.22, previous versions do not support it.

The device flow is an alternative to the web flow.

The device flow is great for CLI Apps as it does not require an http redirect. Instead the token is pulled from the app requesting it. Once the user grants access to the app using the device flow, the app will retrieve the token.

The devDependency @types/jest was updated from 24.0.23 to 24.0.24.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/jest is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴

The devDependency @types/jest was updated from 24.0.24 to 24.0.25.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

@types/jest is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Your Greenkeeper Bot 🌴