octokit-auth-probot
Advanced tools
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
octokit-auth-probot combines the authentication strategies:
It adds a new authentication type: "event-octokit", which allows to retrieve an Octokit instance which is correctly authenticated based on the Octokit constructors authentication (app or token) as well as the event, which either results in an installation access token authentication or, in case the event implies that the installation's access has been revoked, in an unauthenticated Octokit instance.
octokit-auth-probot is not meant to be used by itself, but in conjuction with @octokit/core or a compatible library.
| Browsers |
Load |
|---|---|
| Node |
Install with |
|
⚠️ For usage in browsers: The private keys provided by GitHub are in No conversion is needed in Node, both |
const { Octokit } = require("@octokit/core");
const { createProbotAuth } = require("octokit-auth-probot");
const ProbotOctokit = Octokit.defaults({
authStrategy: createProbotAuth,
});
const octokit = new ProbotOctokit({
auth: {
token: "secret 123",
},
});
Note: when using octokit.auth({ type: "installation", factory }), factory(options) will be called with options.octokit, options.octokitOptions, plus any other properties that have been passed to octokit.auth() besides type and factory. In all other cases, octokit.auth() will resolve with an oauth authentication object, no matter the passed options.
const octokit = new ProbotOctokit({
auth: {
appId: 123,
privateKey: `----BEGIN RSA PRIVATE KEY----- ...`,
},
});
const octokit = new ProbotOctokit();
This is useful if you need to send a request without access to authentication. Probot's use case here is Create a GitHub App from a manifest (POST /app-manifests/{code}/conversions), which is used to register a GitHub app and retrieve the credentials in return.
const eventOctokit = await octokit.auth({
type: "event-octokit",
event: { name: "push", payload: { installation: { id: 123 } } }, // event payload
});
eventOctokit is now authenticated in one of three ways:
octokit was authenticated using a token, eventOctokit is authenticated with the same token. In fact, eventOctokit is octokitevent name is installation and payload.action is either suspend or deleted, then eventOctokit is unauthenticated using @octokit/auth-unauthenticatedeventOctokit is authenticated as installation based on payload.installation.idFAQs
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
The npm package octokit-auth-probot receives a total of 20,872 weekly downloads. As such, octokit-auth-probot popularity was classified as popular.
We found that octokit-auth-probot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.
Security News
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.