Feat: allow github OAuth

marceloavf / github-tools-vsts

📦:octocat:🚀 Create and modify GitHub Releases in Azure DevOps Build and Release Management

https://marketplace.visualstudio.com/items?itemName=marcelo-formentao.github-tools

MIT License

24 stars 15 forks source link

Feat: allow github OAuth #17

Closed marceloavf closed 6 years ago

marceloavf commented 6 years ago

Allow integration with OAuth authentication, not just Personal Access Token.

Return message about endpoint with token
Add to documentation the related issue as known issues or/and how connection should be

✅ Accept: scheme: 'PersonalAccessToken' 
✅ Accept: scheme: 'OAuth'

Endpoint:

Basic return

{
  parameters: 
     {
        accessToken: '********'
      },
  scheme: 'PersonalAccessToken'
}

Error reference:

Case 1

Error: missing required options: token

Case 2

Error status: 401  response body:{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

References: Code 1 Code 2 Code 3

Related to #16

clairernovotny commented 6 years ago

Is it possible to use an OAuth token instead of returning an error? What's the issue?

marceloavf commented 6 years ago

@onovotny, the library publish-release that's used to do all comunication with GitHub API require a token to authenticate it, I would have to investigate what OAuth token return and send it to publish-release instead of the normal token in the code below.

PRs are welcome! 🙌

https://github.com/marceloavf/github-tools-vsts/blob/24d167eff604393c38a3ac06db84ab523cfe7d98/Src/GithubReleasePublish/githubReleasePublish.js#L13-L14 https://github.com/remixz/publish-release/blob/master/index.js#L76

clairernovotny commented 6 years ago

I believe that it's as "easy" as changing line 76 there from 'Authorization': 'token ' + opts.token, to 'Authorization': 'Bearer ' + opts.token,,

Plus whatever overload/config it'd need to support both methods. Like PAT, it's just another type of Authorization header.

You don't have to get your own token, you'd use the GitHub endpoint authorization endpoint for that. VSTS would have already taken care of getting the bearer token. There may be a parameter on the endpoint authorization that shows the type, in addition to AccessToken

marceloavf commented 6 years ago

I didn't notice that @onovotny, thanks for the details, so Bearer can support both parameters?

I'll try to dig the documentation of EndpointAuthorization to see if it return more parameters, but I think it returns in other prop as you can see in #16

tomkerkhove commented 6 years ago

Would like this as well 👍

marceloavf commented 6 years ago

Working on it @tomkerkhove ✋ , meanwhile you can use token authentication!

tomkerkhove commented 6 years ago

Tested and verified ✔️ Thanks @marceloavf 🎉