octokit / oauth-app.js

GitHub OAuth toolset for Node.js
MIT License

[BUG]: Delete token fails using middleware #541

Closed Sammy-T closed 1 day ago

Sammy-T commented 1 week ago

What happened?

I have a project set up to use createWebWorkerHandler on Cloudflare Pages Functions. It works to get a user token but when I attempt a DELETE request to /api/github/oauth/token using the same token, I get a Not Found error.

The token is valid and I'm able to make other requests with it. I'm also able to delete the token by directly making a request to the REST API as shown in the docs, but I'm unable to get it working using the middleware.

I've tried including the user token as a Bearer auth header and I've tried including the client_id and access_token as JSON in the request body.

The script implementing the middleware:

// functions/api/github/oauth/[[path]].js

import { OAuthApp, createWebWorkerHandler } from '@octokit/oauth-app';

export async function onRequest(context) {
    const { env, request } = context;

    const app = new OAuthApp({
        clientType: env.CLIENT_TYPE,
        clientId: env.CLIENT_ID,
        clientSecret: env.CLIENT_SECRET
    });

    const handleRequest = createWebWorkerHandler(app);

    return handleRequest(request);
}

Versions

Node v18.19.1, @octokit/oauth-app v7.1.3

Relevant log output

{
  "error": "Not Found - https://docs.github.com/rest/apps/oauth-applications#delete-an-app-token"
}


github-actions[bot] commented 1 week ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

Sammy-T commented 4 days ago

I found this while trying to trace back what was going on:

https://github.com/octokit/oauth-app.js/blob/a8d5e253b0b3cfed0b3684e7c5bb69120e46c906/src/middleware/handle-request.ts#L258-L259

So apparently the expected auth header is

Authorization: token [token]

but I was using

Authorization: Bearer [token]

I'm glad I'm able to get this to work now but shouldn't it be a Bearer token?

gr2m commented 2 days ago

I think the Bearer prefix is only used for JSON Web Token authentication by GitHub Apps, everywhere else the token prefix is used. But I've seen both working at places 🤷

Just for our understanding, were you able to resolve the problem in your code, or is there still something we should address in this module?

Sammy-T commented 1 day ago

Ok, I wish I understood why but thanks for the reply.

My issue was that I'm used to working with the Bearer prefix on various platforms but I'd never seen the token prefix before and it wasn't clear to me from the README that token is the expected prefix.

But yes, I've got it working now so I'll close this issue.
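
Added example, not part of the thread and not code from @octokit/oauth-app: a small wrapper for a deployment whose clients send `Authorization: Bearer [token]`, rewriting the scheme to the `token` prefix that the thread reports the middleware expects. The names toTokenScheme, withTokenScheme and acceptBearer are hypothetical, and the sample values in the comments are constructed.

```javascript
// Added example. Assumption taken from the thread: the middleware only
// accepts "Authorization: token <token>" on its token routes.

// Rewrite "Bearer <token>" to "token <token>". Any other value (already
// "token ...", "Basic ...", malformed, or missing) is returned unchanged,
// so the middleware still rejects it as before.
function toTokenScheme(headerValue) {
  if (typeof headerValue !== 'string') return headerValue;
  const match = /^\s*bearer\s+(\S+)\s*$/i.exec(headerValue);
  return match ? `token ${match[1]}` : headerValue;
}

// Return a request whose Authorization header uses the "token" scheme.
// Method, URL and the remaining headers are carried over untouched.
function withTokenScheme(request) {
  const current = request.headers.get('authorization');
  const rewritten = toTokenScheme(current);
  if (rewritten === current) return request; // nothing to change
  const headers = new Headers(request.headers);
  headers.set('authorization', rewritten);
  return new Request(request, { headers });
}

// Wrap the handler returned by createWebWorkerHandler(app), e.g.
//   const handleRequest = acceptBearer(createWebWorkerHandler(app));
// The token value is never logged or inspected beyond the scheme prefix.
function acceptBearer(handleRequest) {
  return (request) => handleRequest(withTokenScheme(request));
}
```

In the Pages Function above, `return handleRequest(request)` stays as it is once `handleRequest` is built with `acceptBearer(...)`.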