Videos
Hello everyone,
I'm currently in the process of setting up access to GitHub repositories via the GitHub API for a project. My intention is to allow users to log in with their GitHub accounts and then view all the repositories associated with their account, along with their pull requests.
I've been exploring OAuth tokens as a potential solution for authentication, but I'm uncertain if this approach is suitable for accessing user repositories. Can anyone confirm if OAuth tokens can indeed be utilized in this manner?
Additionally, if you have any insights or examples of the user flow for logging in with GitHub and accessing repository data via the API, I'd greatly appreciate it!
Thank you for your assistance!
I spent waaaay too much time trying to do this. I am trying to use nodejs to make a bit but I can’t figure out how to do the authentication.
Do anyone have any tutorials or documentation I can follow?
As of right now, you cannot retrieve a permanent access token. You have 2 options that come close.
The first is to request a "refresh" token when using the standard OAuth flow. That's what you're doing by sending "duration" as "permanent" in your code. The refresh token can be used to automatically retrieve new 1 hour access tokens without user intervention; the only manual steps are on the initial retrieval of the refresh token.
The second alternative, which applies only when writing a script for personal use, is to use the password grant type. The steps are described in more detail on reddit's "OAuth Quick Start" wiki page, but I'll summarize here:
- Create an OAuth client (under https://www.reddit.com/prefs/apps) with type = "script"
- Make a request to
https://www.reddit.com/api/v1/access_tokenwith POST parametersgrant_type=password&username=<USERNAME>&password=<PASSWORD>. Send your client ID and secret as HTTP basic authentication.<USERNAME>must be registered as a developer of the OAuth 2 client ID you send.
A client_id and client_secret can be generated for a reddit account by going to https://www.reddit.com/prefs/apps and creating an app:
The part I have hidden is my client_id.
Then you can use a client like praw to access reddit e.g. with Python:
import praw
r = praw.Reddit(client_id='insert id here',
client_secret='insert secret here',
user_agent='insert user agent')
page = r.subreddit('aww')
top_posts = page.hot(limit=None)
for post in top_posts:
print(post.title, post.ups)
You could use your current browser's user agent, which can be easily found by google searching "what is my user agent" (among other ways).
To my understanding, the changes mean that users with OAuth have 100 requests per minute - which satisfies my requirements. I've been looking around for some proper documentation about all this.
I found the following https://github.com/reddit-archive/reddit/wiki/OAuth2-Quick-Start-Example#first-steps that provides the curl command to get an access token and works fine. Is that all the documentation there is?
Is there anyway I can do the same via Praw (or should I just use the token from the above with Praw)? Additionally, the above resource doesn't show me how to access refresh tokens, is there a separate curl command for them?
I apologize if this is a stupid question but I can't seem to find any coherent docs and haven't used the API for a long time.