octokit-auth-probot
Advanced tools
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
octokit-auth-probot combines the authentication strategies:
It adds a new authentication type: "event-octokit", which allows to retrieve an Octokit instance which is correctly authenticated based on the Octokit constructors authentication (app or token) as well as the event, which either results in an installation access token authentication or, in case the event implies that the installation's access has been revoked, in an unauthenticated Octokit instance.
octokit-auth-probot is not meant to be used by itself, but in conjuction with @octokit/core or a compatible library.
| Browsers |
Load |
|---|---|
| Node |
Install with |
|
⚠️ For usage in browsers: The private keys provided by GitHub are in No conversion is needed in Node, both |
const { Octokit } = require("@octokit/core");
const { createProbotAuth } = require("octokit-auth-probot");
const ProbotOctokit = Octokit.defaults({
authStrategy: createProbotAuth,
});
const octokit = new ProbotOctokit({
auth: {
token: "secret 123",
},
});
Note: when using octokit.auth({ type: "installation", factory }), factory(options) will be called with options.octokit, options.octokitOptions, plus any other properties that have been passed to octokit.auth() besides type and factory. In all other cases, octokit.auth() will resolve with an oauth authentication object, no matter the passed options.
const octokit = new ProbotOctokit({
auth: {
appId: 123,
privateKey: `----BEGIN RSA PRIVATE KEY----- ...`,
},
});
const octokit = new ProbotOctokit();
This is useful if you need to send a request without access to authentication. Probot's use case here is Create a GitHub App from a manifest (POST /app-manifests/{code}/conversions), which is used to register a GitHub app and retrieve the credentials in return.
const eventOctokit = await octokit.auth({
type: "event-octokit",
event: { name: "push", payload: { installation: { id: 123 } } }, // event payload
});
eventOctokit is now authenticated in one of three ways:
octokit was authenticated using a token, eventOctokit is authenticated with the same token. In fact, eventOctokit is octokitevent name is installation and payload.action is either suspend or deleted, then eventOctokit is unauthenticated using @octokit/auth-unauthenticatedeventOctokit is authenticated as installation based on payload.installation.idFAQs
Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
The npm package octokit-auth-probot receives a total of 30,519 weekly downloads. As such, octokit-auth-probot popularity was classified as popular.
We found that octokit-auth-probot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.