REST-API-Endpunkte für OAuth-Autorisierungen
Verwenden der REST-API für die Interaktion mit OAuth apps und OAuth-Autorisierungen von GitHub Apps
Informationen zu OAuth apps und OAuth-Autorisierungen von GitHub Apps
Sie können diese Endpunkte verwenden, um die OAuth-Token zu verwalten, die OAuth app oder GitHub Apps für den Zugriff auf die Konten von Personen auf GitHub verwenden.
Token für OAuth apps weisen das Präfix gho_
auf, während OAuth-Token für GitHub Apps, die für die Authentifizierung im Namen des Benutzers verwendet werden, das Präfix ghu_
aufweisen. Du kannst die folgenden Endpunkte für beide Typen von OAuth-Token verwenden.
Delete an app authorization
OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token
as an input parameter and the grant for the token's owner will be deleted.
Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.
Standardauthentifizierung für „Delete an app authorization“
Du musst die Standardauthentifizierung verwenden, um diesen Endpunkt nutzen zu können. Verwende die client_id
der Anwendung als Benutzername und das client_secret
als Passwort.
Parameter für „Delete an app authorization“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
client_id string ErforderlichThe client ID of the GitHub app. |
Name, type, BESCHREIBUNG |
---|
access_token string ErforderlichThe OAuth access token used to authenticate to the GitHub API. |
HTTP-Antwortstatuscodes für „Delete an app authorization“
Statuscode | BESCHREIBUNG |
---|---|
204 | No Content |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für „Delete an app authorization“
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/grant \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 204
Check a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND
.
Standardauthentifizierung für „Check a token“
Du musst die Standardauthentifizierung verwenden, um diesen Endpunkt nutzen zu können. Verwende die client_id
der Anwendung als Benutzername und das client_secret
als Passwort.
Parameter für „Check a token“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
client_id string ErforderlichThe client ID of the GitHub app. |
Name, type, BESCHREIBUNG |
---|
access_token string ErforderlichThe access_token of the OAuth or GitHub application. |
HTTP-Antwortstatuscodes für „Check a token“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für „Check a token“
Anforderungsbeispiel
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 200
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo",
"user"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "Iv1.8a61f9b3a7aba766"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678",
"expires_at": "2011-09-08T17:26:27Z",
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
}
Reset a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND
.
Standardauthentifizierung für „Reset a token“
Du musst die Standardauthentifizierung verwenden, um diesen Endpunkt nutzen zu können. Verwende die client_id
der Anwendung als Benutzername und das client_secret
als Passwort.
Parameter für „Reset a token“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
client_id string ErforderlichThe client ID of the GitHub app. |
Name, type, BESCHREIBUNG |
---|
access_token string ErforderlichThe access_token of the OAuth or GitHub application. |
HTTP-Antwortstatuscodes für „Reset a token“
Statuscode | BESCHREIBUNG |
---|---|
200 | OK |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für „Reset a token“
Anforderungsbeispiel
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 200
{
"id": 1,
"url": "https://api.github.com/authorizations/1",
"scopes": [
"public_repo",
"user"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "Iv1.8a61f9b3a7aba766"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678",
"expires_at": "2011-09-08T17:26:27Z",
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://api.github.com/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://api.github.com/users/octocat/followers",
"following_url": "https://api.github.com/users/octocat/following{/other_user}",
"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
"organizations_url": "https://api.github.com/users/octocat/orgs",
"repos_url": "https://api.github.com/users/octocat/repos",
"events_url": "https://api.github.com/users/octocat/events{/privacy}",
"received_events_url": "https://api.github.com/users/octocat/received_events",
"type": "User",
"site_admin": false
}
}
Delete an app token
OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization.
Standardauthentifizierung für „Delete an app token“
Du musst die Standardauthentifizierung verwenden, um diesen Endpunkt nutzen zu können. Verwende die client_id
der Anwendung als Benutzername und das client_secret
als Passwort.
Parameter für „Delete an app token“
Name, type, BESCHREIBUNG |
---|
accept string Setting to |
Name, type, BESCHREIBUNG |
---|
client_id string ErforderlichThe client ID of the GitHub app. |
Name, type, BESCHREIBUNG |
---|
access_token string ErforderlichThe OAuth access token used to authenticate to the GitHub API. |
HTTP-Antwortstatuscodes für „Delete an app token“
Statuscode | BESCHREIBUNG |
---|---|
204 | No Content |
422 | Validation failed, or the endpoint has been spammed. |
Codebeispiele für „Delete an app token“
Anforderungsbeispiel
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 204