I accidentally leaked it. I searched the GitHub docs and account settings but did not find anything to recover.
You should be able to regenerate a new PAT (Personal Access Token), and invalidate/remove the previous one in your Settings / Developer Settings / Personal access tokens / Tokens (classic) section.
Then you should be able to test your RSS feeds, knowing that, as the Feed API page mentions:
Private feeds are only returned when authenticating via Basic Auth (USERNAME:TOKEN) since current feed URIs use the older, non revocable auth tokens.
You can list your feeds with
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
https://api.github.com/feeds
Or use third-party GitHub feed generators like RSSHub (as listed here).
Related
Within a GitHub Actions workflow in repository A we are trying to download release assets from another private repository B. Therefore the runner (running in a workflow in repo A) needs to authenticate against repository B.
There seem to be 2 possible solutions for that:
Create a private access token (PAT)
Create a GitHub application and use that for authenticating
Since we do not want this setup to be dependent on individual users, option 1) seems like the wrong approach. But we somehow got stuck with option 2). What we did so far:
Create a GitHub application (not oauth, since it should be independent of the user)
Grant all permissions for repositories to this app
Install the app in our organisation
Generate an app private key and create a JWT token following the documentation here
Sending a curl request with this generated JWT token, like
curl -i -X POST \
-H "Authorization: Bearer YOUR_JWT" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/app/installations/:installation_id/access_tokens
But this request always gives us a 401.
So first question is: are we on the right track here? Second question would be: how can we make this work?
It also puzzles us that we would have to re-create the JWT token with every workflow run (since we cannot use a long enough expiration time), and would rather like to have something that can be put into the secrets store of the workflow.
I have a private repository, and access to raw.githubusercontent.com by API uses ?token=AEDIQE3IPAPDAXI6QPVEBALBSAPEU at the end of the file name. But this token changes over time (10-15 days), and this is not so good for my purposes. I can't find any way to keep the token from changing. Is this kind of configuration possible?
Since that token can change, you might consider creating a Personal Access Token (PAT), and downloading the files using the Authorization header instead of a token in the URL.
curl -H "Authorization: token ${PAT}" \
https://raw.githubusercontent.com/user/repo/main/file.txt
The other approach seen here would be, still with a PAT, to
curl -H "Authorization: token ${PAT}" \
https://github.com/<username>/<reponame>/raw/<branch>/<path-to-your-file>
This will return a “redirect (HTTP 302)” with location header value pointing to the URL with the token.
You can get the current "raw.githubusercontent.com" token that way.
I'm trying to build an integration between two repositories. For that I've decided to use GitHub Apps.
I was able to sign working JWT and use it to get an access token (from https://api.github.com/app/installations/{{INST_ID}}/access_tokens). It looks like this: ghs_tVGHE4l5i4kjhasslirerno666222.
Now I'm trying to use it to trigger a dispatches event for a project workflow with an on: workflow_dispatch: trigger.
But I just can't find a way to put ghs* token to use.
Examples I saw say:
curl -X POST https://api.github.com/repos/{{user}}/{{repo}}/dispatches \
-H 'Accept: application/vnd.github.everest-preview+json' \
-u ${{ ACCESS_TOKEN }} \
--data '{...}'
But it does not work, -u option is for 'user', not for token.
How to use ghs* token with github api?
The easiest way to do this is to just use the Token TOKEN Authorization header:
-H 'Authorization: Token ghs_tVGHE4l5i4kjhasslirerno666222'
You may also try using Basic authentication with the x-token username. While that worked in the past, GitHub has disabled Basic authentication for the API, so that syntax may or may not function anymore.
I have a web application secured by Keycloak. Now I want to read all the security groups and users from keycloak in my application. Is it possible?
Keycloak has very good documentation around the APIs.
I believe you are looking to get all the groups and users from Keycloak. It could be as straightforward as calling any REST API.
You can follow this link to get all the groups from the Keycloak.
And this link to get the users based on the given search criteria.
But I would be wary of the performance implication it might have calling these APIs. Make sure to use pagination and appropriate filters for getting users.
Also, if you want, you can write a custom extension in Keycloak to serve your purpose. You can follow this link for it.
I could get the access token using the client secret key using the curl command from command line.
$ curl -X POST -d "client_id=my_client" -d "username=username" -d "client_secret=c957b0ba-c421-4021-8433-764aa2fwes72" -d "grant_type=client_credentials" HOST/auth/realms/my_realm/protocol/openid-connect/token
I could also get the list of users after getting the access token
$ curl -X GET HOST/auth/admin/realms/my_realm/users -H "Authorization: Bearer access-token" -H 'cache-control: no-cache'
Now, I'm thinking how can I do this from my web application.
Do GitHub raw urls for private repositories expire? I'm referring to the link generated when you click the Raw button while viewing a file on github.com.
The link includes a token but there's no info about where that token comes from.
No one has clearly mentioned this, but the github raw urls expire in 7 days.
You can use longer lasting personal access tokens generated here: https://github.com/settings/tokens but those can only be used via curl:
curl -H 'Authorization: token <personal_token>' <raw_url>
Note that the personal access tokens expire if unused for an entire year.
That token comes from using OAuth with Git
https://<oauth-secret>:x-oauth-basic@raw.githubusercontent.com/<me>/<repo>/master/<file>
The raw.githubusercontent.com/<me>/<repo>/master/<file> part does not expire.
But it is best to type 'y' before clicking 'Raw' on the GitHub page, in order to get the SHA1 as part of the URL: that way, you are sure to always reference the same file version.
https://<oauth-secret>:x-oauth-basic@raw.githubusercontent.com/<me>/<repo>/<sha1>/<file>
The token part does not "expire" (but it can be deleted or revoked)
Please look at this API document, https://developer.github.com/v3/repos/contents/.
The URL should be:
curl -H 'Accept: application/vnd.github.VERSION.raw' -k \
https://{{githubhost}}/api/v3/repos/{{org}}/{{repo}}/contents/{{path}}?access_token=xxxx
It worked for me:
The access_token is personal access token.
And the path can be a file or dir.
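Several answers on this page carry the token inside the URL itself (?token=, ?access_token=, or as URL userinfo), while one recommends sending it in the Authorization header instead. The following is an added example, not code from any of the posts: a Python sketch that moves a token out of each of those URL forms into the header and yields a URL that is safe to log. The function names and sample tokens are constructed, and it assumes any userinfo in the URL is a credential.

```python
from urllib.parse import parse_qsl, unquote, urlencode, urlsplit, urlunsplit

# Query parameters that carry a credential in the URLs quoted on this page.
TOKEN_PARAMS = {"token", "access_token"}

# Constructed sample URLs (the tokens are made up), one per placement.
SAMPLES = [
    "https://raw.githubusercontent.com/user/repo/main/file.txt?token=EXAMPLETOKEN",
    "https://ghe.example.com/api/v3/repos/org/repo/contents/a.txt?ref=main&access_token=EXAMPLETOKEN",
    "https://EXAMPLETOKEN:x-oauth-basic@raw.githubusercontent.com/me/repo/abc123/file.txt",
]


def to_header_auth(url):
    """Return (clean_url, headers) with any embedded token moved to a header.

    headers is empty when the URL carries no credential.
    """
    parts = urlsplit(url)

    # Userinfo form: TOKEN:x-oauth-basic@host, the token is the "username".
    userinfo, _, hostport = parts.netloc.rpartition("@")
    token = unquote(userinfo.split(":", 1)[0]) or None

    # Query-string form: drop the credential, keep every other parameter.
    kept = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in TOKEN_PARAMS:
            token = token or value or None
        else:
            kept.append((key, value))

    clean = urlunsplit(
        (parts.scheme, hostport, parts.path, urlencode(kept), parts.fragment)
    )
    # Same header scheme as the curl commands in the answers above.
    headers = {"Authorization": f"token {token}"} if token else {}
    return clean, headers


def redact(url):
    """URL with the credential stripped, suitable for logs and bug reports."""
    return to_header_auth(url)[0]


if __name__ == "__main__":
    for sample in SAMPLES:
        clean, headers = to_header_auth(sample)
        print(clean, "->", sorted(headers))
```

Running redact() over URLs before they reach logs, shell history exports or issue trackers keeps the token out of places where it would otherwise have to be revoked.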