CatP98 / Portfolio

Portfolio where anyone can find all my projects according to the languages and frameworks used

Authentication needed to make git api requests #1

Open CatP98 opened 6 days ago

CatP98 commented 6 days ago

{"message":"API rate limit exceeded for 94.61.54.88. (But here's the good news: Authenticated requests get a higher rate limit. Check out the documentation for more details.)","documentation_url":"https://docs.github.com/rest/overview/resources-in-the-rest-api#rate-limiting"}

The error you're seeing is due to GitHub's API rate limits, which restrict the number of unauthenticated API requests from a particular IP address. Unauthenticated requests have a much lower limit than authenticated ones. To resolve this issue and avoid hitting the rate limit, you should authenticate your requests using a personal access token (PAT).

Steps to Fix:

1. Generate a GitHub Personal Access Token:
   - Go to GitHub's Token Settings.
   - Click Generate new token.
   - Select the necessary permissions (for accessing repositories, select repo).
   - Copy the generated token.
2. Use the Token in Your API Requests: Modify your API calls to include the token for authentication. You can pass the token in the Authorization header of your fetch requests.

Here's an example of how to modify your fetchData and fetchFrameworksAndTools functions to include authentication using the token:

githubApi.js Update

The Authorization: token ${TOKEN} header sends your personal access token with each request. This authenticates the requests, allowing you to make a significantly higher number of requests before hitting the rate limit.

CatP98 commented 4 days ago

Found out about OAuth apps: OAuth (Open Authorization) is a protocol that allows applications to access a user's data without needing their credentials. For a GitHub OAuth app:

1. User Authorization: The user clicks "Login with GitHub," redirecting them to GitHub’s login page. GitHub asks them to approve your app's access to their data.
2. Authorization Code: Once approved, GitHub sends the user back to your app (via the callback URL) with an authorization code.
3. Exchange Code for Token: Your app sends the authorization code to GitHub’s API to exchange it for an access token.
4. Access GitHub Data: With the access token, your app can now make authenticated requests on the user’s behalf, like fetching their repositories or profile information.

For the Homepage URL, it’s the main page of your app (e.g., portfolio). The Authorization Callback URL is where GitHub redirects after user authorization to handle the code exchange.

CatP98 commented 4 days ago

OAuth is better for frontend apps, because:

- No Need to Store Credentials: Users never need to provide their username and password to your app, reducing security risks.
- Token-Based Access: OAuth uses short-lived tokens, which minimizes exposure. If a token is compromised, its scope and lifetime are limited.
- Scalable Authentication: OAuth allows easy integration with GitHub and other platforms, giving access to a wide range of user data securely.
- Delegated Permissions: Users can grant access to specific data (e.g., repositories) without giving full control over their account.

For frontend apps hosted on GitHub Pages, OAuth ensures secure interactions without server-side infrastructure.

CatP98 commented 4 days ago

You would typically exchange the code for an access token by sending it to a backend server, which then communicates with GitHub. In frontend-only apps, we can't securely manage this step on GitHub Pages. You should ideally handle the token exchange on a backend server -> backend
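Added example, not part of the issue thread or the repository's code: a sketch of the backend half of the code exchange described in the last comment, where the client secret stays on the server and the `state` value is checked before the code is redeemed. The function names, the `cfg` object, the `pendingStates` set and the injectable `fetchImpl` parameter are assumptions made for illustration.

```javascript
// Added example: server-side GitHub OAuth code exchange (illustrative names).
const crypto = require("node:crypto");

const AUTHORIZE_URL = "https://github.com/login/oauth/authorize";
const TOKEN_URL = "https://github.com/login/oauth/access_token";

// Build the "Login with GitHub" redirect with a random, single-use state value.
// pendingStates is a server-side Set (hypothetical; per-session storage in practice).
function buildAuthorizeUrl(clientId, redirectUri, pendingStates) {
  const state = crypto.randomBytes(16).toString("hex");
  pendingStates.add(state);
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, state,
  }).toString();
  return url.toString();
}

// Callback handler logic: runs on the backend only, so client_secret never
// reaches the browser bundle served from GitHub Pages.
async function exchangeCode({ code, state }, cfg, pendingStates, fetchImpl = fetch) {
  // Reject callbacks whose state this server did not issue, and replays of one it did.
  if (!state || !pendingStates.delete(state)) throw new Error("state mismatch");
  if (!code) throw new Error("missing code");
  const res = await fetchImpl(TOKEN_URL, {
    method: "POST",
    headers: { Accept: "application/json" },
    body: new URLSearchParams({
      client_id: cfg.clientId,
      client_secret: cfg.clientSecret,
      code,
      redirect_uri: cfg.redirectUri,
    }),
  });
  const data = await res.json();
  // Failures (for example a bad or expired code) are reported in the JSON body.
  if (!res.ok || data.error || !data.access_token) {
    throw new Error(`token exchange failed: ${data.error || res.status}`);
  }
  return data.access_token; // keep server-side; do not write it to browser storage
}
```

The frontend then calls this backend instead of GitHub's token endpoint, and the backend makes the authenticated API requests or hands back only the data the page needs.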