I made user authorizztion via GitHub OAuth. So now I'm trying to make a log out func. According to GitHub I can do it via revoking access token (https://docs.github.com/en/rest/reference/apps#delete-an-app-authorization). But this endpoint throws 404 all the time and according to the API main page (https://api.github.com/) there is no such endpoint at all. Found similar questions but without solutions.
Remove/revoke GitHub OAuth 'access_token'
GitHub OAuth logout or revoke of token
Related
According to this post, I should be able to generate a personal access token under my profile that has access to an organization's private repo, and use this personal access token for authentication to access an organization's private repo via Github-api.
However, when using this token, I get a 401 Unauthorized response / "Bad credentials". Is there extra permissions needed for my profile in order to use the Github API on that organization's private repo? Is there scopes I should have checked off when making my personal access token in order for it to work? My profile has the permission to read and contribute to the org repo, so I am confused why my profile's access token is met with a 401.
I ultimately want to run GET {{root}}/repos/{{owner}}/{{repo}}/contents/, where the owner is the organization name. Oddly, when using my personal access token on my own forked copies of the organization's repo, I also get a 401 Unauthorized.
EDIT: I checked off all possible scopes to attach to a token. Even with this token, I still get a 401 "Bad Credentials". There must then be a different set of permissions between being a contributor to a repo versus using the github-api to query the repo. Correct?
In the Google Actions panel we can enable account linking. We can also specify Authorization URL (Endpoint for your sign-in web page that supports OAuth2 code or implicit flows) and Token URL (OAuth2 endpoint for token exchange). Endpoints configuration image
I don't see any configuration options for Token revocation endpoint, and this possibility is described in the documentation: https://developers.google.com/identity/account-linking/unlinking#token_revocation_endpoint
If you support an OAuth 2.0 token revocation endpoint, your platform can receive notifications from Google. This lets you inform users of link state changes, invalidate a token, and cleanup security credentials and authorization grants.
Where can I set Token revocation endpoint to receive requests when a user deletes a Google Account link directly in their account?
Does Github support OAuth 20 resource owner password credential grant type? I know you can use basic authentication for CLI to login with Github account. The basic authentication can be used to directly request all sorts of user data (like emails, teams, etc). I am curiously to know if CL can request an OAuth access_token by using ROPC, then uses access_token (similar to authorization code grant type) to request user data.
Github's oAuth implementation only supports authorization code grant type. As an alternative (and similar to CLI), you can retrieve a personal access token via basic auth, then use the token for subsequent resource access.
I'm building a website which uses GitHub OAuth to authorise users. I'm successfully authorising users and able to get access_token from GitHub to talk to their API. When user logs out of my app I invalidate the session and delete the authorisation, but when user stays active in my app and logs out of GitHub, the access_token is still active article.
I'm looking for a way to logout / re-authorise users when they have logged out of GitHub.
I'm trying to post an issue on GitHub with the GitHub API.
I looked at the API documentation,
https://developer.github.com/v3/issues/#create-an-issue
but I can't figure out where the account information should go in the request body.
How should I authenticate this request?
You can see example of scripts posting issues in:
"'mapserver-trac-importer" (authentication github_post, with user/password)
"simple basic-auth node github api" (authentication here, with user/password)
".bashrc" (authentication in curl, with oauth)
As described in API V3 authentication, you can either user username/password, or an oauth token.
Note that if you have activated the 2FA (2 Form Authentication), you will need an oauth token.
I prefer oauth anyway, because you can revoke the token at any time (token that you can create just for this script), without having the hassle to change your password (which you could use in multiple other instances).