Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@octokit-next/oauth-authorization-url
Advanced tools
Universal library to retrieve GitHubâs identity URL for the OAuth web flow
Universal library to retrieve GitHub’s identity URL for the OAuth web flow
See GitHub’s Developer Guide for the OAuth App web application flow. Note that the OAuth web application flow for GitHub Apps is slightly different. GitHub Apps do not support scopes for its user access tokens (they are called user-to-server tokens for GitHub Apps), instead they inherit the user permissions from the GitHub App's registration and the repository/organization access and permissions from the respective installation.
Browsers |
Load
|
---|---|
Node |
Install with
|
Deno |
Load
|
const { url, clientId, redirectUrl, login, scopes, state } =
oauthAuthorizationUrl({
clientType: "oauth-app",
clientId: "1234567890abcdef1234",
redirectUrl: "https://example.com",
login: "octocat",
scopes: ["repo", "admin:org"],
state: "secret123",
});
const { url, clientId, redirectUrl, login, state } = oauthAuthorizationUrl({
clientType: "github-app",
clientId: "lv1.1234567890abcdef",
redirectUrl: "https://example.com",
login: "octocat",
state: "secret123",
});
name | description |
---|---|
clientId
| Required. The client ID you received from GitHub when you registered. |
clientType
|
Must be set to either |
redirectUrl
| The URL in your application where users will be sent after authorization. See Redirect URLs in GitHub’s Developer Guide. |
login
| Suggests a specific account to use for signing in and authorizing the app. |
scopes
|
Only relevant when An array of scope names (or: space-delimited list of scopes). If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with user scope and another token with repo scope, a third web flow that does not provide a scope will receive a token with user and repo scope. Defaults to |
state
|
An unguessable random string. It is used to protect against cross-site request forgery attacks.
Defaults to Math.random().toString(36).substr(2) .
|
allowSignup
|
Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. Use false in the case that a policy prohibits signups. Defaults to true .
|
baseUrl
|
When using GitHub Enterprise Server, set the baseUrl to the origin, e.g. https://github.my-enterprise.com .
|
oauthAuthorizationUrl()
returns an object with the following properties
name | description |
---|---|
allowSignup
|
Returns options.allowSignup if it was set. Defaults to true .
|
clientType
|
Returns options.clientType . Defaults to "oauth-app" .
|
clientId
|
Returns options.clientId .
|
login
|
Returns options.login if it was set. Defaults to null .
|
redirectUrl
|
Returns options.redirectUrl if it was set. Defaults to null .
|
scopes
|
Only set if Returns an array of strings. Returns |
state
|
Returns options.state if it was set. Defaults to Defaults to Math.random().toString(36).substr(2) .
|
url
| The authorization URL |
import {
ClientType,
OAuthAppOptions,
OAuthAppResult,
GitHubAppOptions,
GitHubAppResult,
} from "@octokit-next/oauth-authorization-url";
FAQs
Universal library to retrieve GitHubâs identity URL for the OAuth web flow
We found that @octokit-next/oauth-authorization-url demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.