Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
github-auth-library
Advanced tools
The github-auth-library
is a Node.js library designed to handle OAuth authentication with GitHub. It provides a simple interface to authenticate users, retrieve access tokens, and fetch user details using GitHub's API. This library is designed to follow the SOLID principles, making it extensible and maintainable.
npm install github-auth-library
To use the library, you need to initialize the GitHubSDK
with your GitHub OAuth application's client ID and client secret.
const GitHubSDK = require("github-auth-library");
const githubSDK = new GitHubSDK(
"YOUR_GITHUB_CLIENT_ID",
"YOUR_GITHUB_CLIENT_SECRET"
);
You can exchange the authorization code received from GitHub for an access token using the getToken
method.
const code = "AUTHORIZATION_CODE_RECEIVED_FROM_GITHUB";
const redirectUri = "YOUR_REDIRECT_URI";
githubSDK
.getToken(code, redirectUri)
.then((token) => {
console.log("Access Token:", token);
})
.catch((error) => {
console.error("Error getting access token:", error);
});
Once you have the access token, you can fetch the user details using the getUserInfo
method.
const token = {
access_token: "YOUR_ACCESS_TOKEN",
};
githubSDK
.getUserInfo(token)
.then((userInfo) => {
console.log("User Info:", userInfo);
})
.catch((error) => {
console.error("Error getting user info:", error);
});
getToken(code, redirectUri)
code
(string): The authorization code received from GitHub.redirectUri
(string): The redirect URI registered with your GitHub OAuth application.getUserInfo(token)
token
(object): An object containing the access token (access_token
).Here is an example of using the github-auth-library
in an Express.js application to handle GitHub OAuth authentication.
const express = require("express");
const GitHubSDK = require("github-auth-library");
const app = express();
const githubSDK = new GitHubSDK(
"YOUR_GITHUB_CLIENT_ID",
"YOUR_GITHUB_CLIENT_SECRET"
);
app.post("/github-auth", async (req, res) => {
const { code, redirectUri } = req.body;
try {
const token = await githubSDK.getToken(code, redirectUri);
const userInfo = await githubSDK.getUserInfo(token);
res.status(200).json({ user: userInfo, token });
} catch (error) {
res.status(401).json({ message: "Unauthorized", error });
}
});
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`Server is running on port ${PORT}`);
});
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
FAQs
A Node.js SDK for GitHub OAuth and User APIs
The npm package github-auth-library receives a total of 1 weekly downloads. As such, github-auth-library popularity was classified as not popular.
We found that github-auth-library demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.