Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
octokit-auth-probot
Advanced tools
Readme
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
octokit-auth-probot
combines the authentication strategies:
It adds a new authentication type: "event-octokit"
, which allows to retrieve an Octokit instance which is correctly authenticated based on the Octokit constructors authentication (app
or token
) as well as the event, which either results in an installation access token authentication or, in case the event implies that the installation's access has been revoked, in an unauthenticated Octokit instance.
octokit-auth-probot
is not meant to be used by itself, but in conjuction with @octokit/core
or a compatible library.
Browsers |
Load
|
---|---|
Node |
Install with
|
⚠️ For usage in browsers: The private keys provided by GitHub are in
No conversion is needed in Node, both |
const { Octokit } = require("@octokit/core");
const { createProbotAuth } = require("octokit-auth-probot");
const ProbotOctokit = Octokit.defaults({
authStrategy: createProbotAuth,
});
const octokit = new ProbotOctokit({
auth: {
token: "secret 123",
},
});
Note: when using octokit.auth({ type: "installation", factory })
, factory(options)
will be called with options.octokit
, options.octokitOptions
, plus any other properties that have been passed to octokit.auth()
besides type
and factory
. In all other cases, octokit.auth()
will resolve with an oauth
authentication object, no matter the passed options.
const octokit = new ProbotOctokit({
auth: {
appId: 123,
privateKey: `----BEGIN RSA PRIVATE KEY----- ...`,
},
});
const octokit = new ProbotOctokit();
This is useful if you need to send a request without access to authentication. Probot's use case here is Create a GitHub App from a manifest (POST /app-manifests/{code}/conversions
), which is used to register a GitHub app and retrieve the credentials in return.
const eventOctokit = await octokit.auth({
type: "event-octokit",
event: { name: "push", payload: { installation: { id: 123 } } }, // event payload
});
eventOctokit
is now authenticated in one of three ways:
octokit
was authenticated using a token, eventOctokit
is authenticated with the same token. In fact, eventOctokit
is octokit
event
name is installation
and payload.action
is either suspend
or deleted
, then eventOctokit
is unauthenticated using @octokit/auth-unauthenticated
eventOctokit
is authenticated as installation based on payload.installation.id
FAQs
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
The npm package octokit-auth-probot receives a total of 20,646 weekly downloads. As such, octokit-auth-probot popularity was classified as popular.
We found that octokit-auth-probot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.