Open object-Object opened 6 days ago
Actually, the github app user access auth flow is a oauth workflow. Currently, you can do this as examples here:
from githubkit import GitHub
# auth as github app itself
g = GitHub(AppAuthStrategy(app_id, private_key, client_id, client_secret))
# switch to app user auth
user_github = g.with_auth(g.as_oauth_app().as_web_user(code))
Right, but I don't have code
anymore after the first login. Sorry, I think the example I gave maybe wasn't very good.
User logs into the app:
# initial login
github = GitHub(OAuthWebAuthStrategy(client_id, client_secret, code))
access_token, refresh_token = github.get_app_user_access_token()
write_tokens_to_database(user_id, access_token, refresh_token)
Later, maybe the next day and in a different part of the app, user uses the app without having to go through the OAuth web flow again:
# subsequent usages
access_token, refresh_token = read_tokens_from_database(user_id)
github = GitHub(AppUserAuthStrategy(client_id, client_secret, access_token, refresh_token))
So I think I wouldn't be able to use .as_web_user(code)
for the second one, because I don't have code
at that point, only the tokens I exchanged it for.
I see... It seems i need to add a simple (token, expire token) auth strategy for oauth app. I'm also developping a github app and i disable the token expire for the user token :joy:. I can use the simple token auth strategy for stored user token.
I'm writing an application that uses an expiring user access token to authenticate a GitHub App on behalf of a user. This process uses the OAuth web flow to generate an access token and refresh token; these are valid for 8 hours and 6 months, respectively. I want to store the access and refresh tokens so that users don't have to log in each time they use the app.
I see that githubkit has
OAuthWebAuthStrategy
, which is useful for the initial login; however, it seems like the access and refresh tokens are stored in private variables inOAuthWebAuth
, and I don't see an obvious public way to access them or to force it to fetch them. I also couldn't find anAuthStrategy
that takes an access or refresh token as the input.Ideally, this is the sort of code I would like to be able to write:
GitHub app user auth flow docs:
https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app#using-the-web-application-flow-to-generate-a-user-access-token
For comparison, here's how PyGithub's app user authentication works:
https://pygithub.readthedocs.io/en/stable/examples/Authentication.html#app-user-authentication