Cette version de GitHub Enterprise Server n'est plus disponible depuis le 2024-03-26. Aucune publication de correctifs n’est effectuée, même pour les problèmes de sécurité critiques. Pour de meilleures performances, une sécurité améliorée et de nouvelles fonctionnalités, effectuez une mise à niveau vers la dernière version de GitHub Enterprise. Pour obtenir de l’aide sur la mise à niveau, contactez le support GitHub Enterprise.
Points de terminaison d’API REST pour les autorisations OAuth
Utilisez l’API REST pour interagir avec les OAuth apps et les autorisations OAuth des GitHub Apps
À propos des OAuth apps et des autorisations OAuth des GitHub Apps
Vous pouvez utiliser ces points de terminaison pour gérer les jetons OAuth que OAuth apps ou GitHub Apps utilise pour accéder aux comptes des personnes sur votre instance GitHub Enterprise Server.
Les jetons pour OAuth apps ont le préfixe gho_
, tandis que les jetons OAuth pour GitHub Apps, utilisés pour l’authentification au nom de l’utilisateur, ont le préfixe ghu_
. Vous pouvez utiliser les points de terminaison suivants pour les deux types de jetons OAuth.
Delete an app authorization
OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id
and client_secret
as the username and password. You must also provide a valid OAuth access_token
as an input parameter and the grant for the token's owner will be deleted.
Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.
Paramètres pour « Delete an app authorization »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
client_id string ObligatoireThe client ID of the GitHub app. |
Nom, Type, Description |
---|
access_token string ObligatoireThe OAuth access token used to authenticate to the GitHub API. |
Codes d’état de la réponse HTTP pour « Delete an app authorization »
Code d’état | Description |
---|---|
204 | No Content |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour « Delete an app authorization »
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/grant \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 204
Check a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the application client_id
and the password is its client_secret
. Invalid tokens will return 404 NOT FOUND
.
Paramètres pour « Check a token »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
client_id string ObligatoireThe client ID of the GitHub app. |
Nom, Type, Description |
---|
access_token string ObligatoireThe access_token of the OAuth or GitHub application. |
Codes d’état de la réponse HTTP pour « Check a token »
Code d’état | Description |
---|---|
200 | OK |
404 | Resource not found |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour « Check a token »
Exemple de requête
curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 200
{
"id": 1,
"url": "https://HOSTNAME/authorizations/1",
"scopes": [
"public_repo",
"user"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "Iv1.8a61f9b3a7aba766"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678",
"expires_at": "2011-09-08T17:26:27Z",
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
}
}
Reset a token
OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the application's client_id
and client_secret
as the username and password. Invalid tokens will return 404 NOT FOUND
.
Paramètres pour « Reset a token »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
client_id string ObligatoireThe client ID of the GitHub app. |
Nom, Type, Description |
---|
access_token string ObligatoireThe access_token of the OAuth or GitHub application. |
Codes d’état de la réponse HTTP pour « Reset a token »
Code d’état | Description |
---|---|
200 | OK |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour « Reset a token »
Exemple de requête
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 200
{
"id": 1,
"url": "https://HOSTNAME/authorizations/1",
"scopes": [
"public_repo",
"user"
],
"token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
"token_last_eight": "Ae178B4a",
"hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
"app": {
"url": "http://my-github-app.com",
"name": "my github app",
"client_id": "Iv1.8a61f9b3a7aba766"
},
"note": "optional note",
"note_url": "http://optional/note/url",
"updated_at": "2011-09-06T20:39:23Z",
"created_at": "2011-09-06T17:26:27Z",
"fingerprint": "jklmnop12345678",
"expires_at": "2011-09-08T17:26:27Z",
"user": {
"login": "octocat",
"id": 1,
"node_id": "MDQ6VXNlcjE=",
"avatar_url": "https://github.com/images/error/octocat_happy.gif",
"gravatar_id": "",
"url": "https://HOSTNAME/users/octocat",
"html_url": "https://github.com/octocat",
"followers_url": "https://HOSTNAME/users/octocat/followers",
"following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
"gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
"starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
"subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
"organizations_url": "https://HOSTNAME/users/octocat/orgs",
"repos_url": "https://HOSTNAME/users/octocat/repos",
"events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
"received_events_url": "https://HOSTNAME/users/octocat/received_events",
"type": "User",
"site_admin": false
}
}
Delete an app token
OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization. You must use Basic Authentication when accessing this endpoint, using the application's client_id
and client_secret
as the username and password.
Paramètres pour « Delete an app token »
Nom, Type, Description |
---|
accept string Setting to |
Nom, Type, Description |
---|
client_id string ObligatoireThe client ID of the GitHub app. |
Nom, Type, Description |
---|
access_token string ObligatoireThe OAuth access token used to authenticate to the GitHub API. |
Codes d’état de la réponse HTTP pour « Delete an app token »
Code d’état | Description |
---|---|
204 | No Content |
422 | Validation failed, or the endpoint has been spammed. |
Exemples de code pour « Delete an app token »
Exemple de requête
curl -L \
-X DELETE \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
-d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'
Response
Status: 204