octokit-auth-probot
Advanced tools
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
octokit-auth-probot combines the authentication strategies:
It adds a new authentication type: "event-octokit", which allows to retrieve an Octokit instance which is correctly authenticated based on the Octokit constructors authentication (app or token) as well as the event, which either results in an installation access token authentication or, in case the event implies that the installation's access has been revoked, in an unauthenticated Octokit instance.
octokit-auth-probot is not meant to be used by itself, but in conjuction with @octokit/core or a compatible library.
| Browsers |
Load |
|---|---|
| Node |
Install with |
|
⚠️ For usage in browsers: The private keys provided by GitHub are in No conversion is needed in Node, both |
const { Octokit } = require("@octokit/core");
const { createProbotAuth } = require("octokit-auth-probot");
const ProbotOctokit = Octokit.defaults({
authStrategy: createProbotAuth,
});
const octokit = new ProbotOctokit({
auth: {
token: "secret 123",
},
});
Note: when using octokit.auth({ type: "installation", factory }), factory(options) will be called with options.octokit, options.octokitOptions, plus any other properties that have been passed to octokit.auth() besides type and factory. In all other cases, octokit.auth() will resolve with an oauth authentication object, no matter the passed options.
const octokit = new ProbotOctokit({
auth: {
appId: 123,
privateKey: `----BEGIN RSA PRIVATE KEY----- ...`,
},
});
const octokit = new ProbotOctokit();
This is useful if you need to send a request without access to authentication. Probot's use case here is Create a GitHub App from a manifest (POST /app-manifests/{code}/conversions), which is used to register a GitHub app and retrieve the credentials in return.
const eventOctokit = await octokit.auth({
type: "event-octokit",
event: { name: "push", payload: { installation: { id: 123 } } }, // event payload
});
eventOctokit is now authenticated in one of three ways:
octokit was authenticated using a token, eventOctokit is authenticated with the same token. In fact, eventOctokit is octokitevent name is installation and payload.action is either suspend or deleted, then eventOctokit is unauthenticated using @octokit/auth-unauthenticatedeventOctokit is authenticated as installation based on payload.installation.idFAQs
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
The npm package octokit-auth-probot receives a total of 17,119 weekly downloads. As such, octokit-auth-probot popularity was classified as popular.
We found that octokit-auth-probot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Deno 2.2 enhances Node.js compatibility, improves dependency management, adds OpenTelemetry support, and expands linting and task automation for developers.
Security News
React's CRA deprecation announcement sparked community criticism over framework recommendations, leading to quick updates acknowledging build tools like Vite as valid alternatives.
Security News
Ransomware payment rates hit an all-time low in 2024 as law enforcement crackdowns, stronger defenses, and shifting policies make attacks riskier and less profitable.