I have a private repository and access of the raw.githubusercontent.com by API is using the ?token=AEDIQE3IPAPDAXI6QPVEBALBSAPEU in the end of the file name. But this token change during the time (10 -15 days) and this is not so good for my purposes. I don't find any way to do not change the token information. Please, this kind of configuration is possible?
Since that token can change, you might consider creating a Personal Access Token (PAT), and downloading the files using the Authorization header instead of a token in the URL.
curl -H "Authorization: token ${PAT}" \
https://raw.githubusercontent.com/user/repo/main/file.txt
The other approach seen here would be, still with a PAT, to
curl -H "Authorization: token ${PAT}" \
https://github.com/<username>/<reponame>/raw/<branch>/<path-to-your-file>
This will return a “redirect (HTTP 302)” with location header value pointing to the URL with the token.
You can get the current "raw.githubusercontent.com" token that way.
Related
I have a script that I'd like to be able to access via a curl command against its https://raw.githubusercontent.com/... location. Using git.io, it's really easy to shorten this URL to something like https://git.io/ABCDE.
But there's an issue related to the fact that my script exists in a private repository. If I directly curl against the githubusercontent URL, I get 404: Not Found. I'm able to bypass this by passing an authorization header with the request, e.g.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://raw.githubusercontent.com/...
> !#/bin/bash
... # rest of script
However, when I use my shortened URL, I don't get anything back. Not even a 404.
$ curl -H "Authorization: token <My Github Personal Access Token>" \
https://git.io/ABCDE
$
Anyone know what's going on here?
The way a URL shortener works is that it issues some sort of 3xx-series HTTP status code that redirects you to the new location, and then you make your request against that new location. However, by default, curl does not follow redirects, so all you see when you make your request is the output from git.io, which in this case is nothing.
If you want to follow redirects, then you should use the -L option to curl, which will make it follow redirects. Note that this can be insecure in many cases when passing credentials, since any credentials passed with -H will be passed to any remote server that the data is redirected to. In this case, that's what you want, but it can be a security problem in other cases if the credentials were only intended for the original server.
I'm trying to build an integration between two repositories. For that I've decided to use Github Apps.
I was able to sign working JWT and use it to get an access token (from https://api.github.com/app/installations/{{INST_ID}}/access_tokens). It looks like this: ghs_tVGHE4l5i4kjhasslirerno666222.
Now I'm trying to use it to trigger an dispatches event for a project workflow with on: workflow_dispatch: trigger.
But I just can't find a way to put ghs* token to use.
Examples I saw say:
curl -X POST https://api.github.com/repos/{{user}}/{{repo}}/dispatches \
-H 'Accept: application/vnd.github.everest-preview+json' \
-u ${{ ACCESS_TOKEN }} \
--data '{...}'
But it does not work, -u option is for 'user', not for token.
How to use ghs* token with github api?
The easiest way to do this is to just use the Token TOKEN Authorization header:
-H 'Authorization: Token ghs_tVGHE4l5i4kjhasslirerno666222
You may also try using Basic authentication with the x-token username. While that worked in the past, GitHub has disabled Basic authentication for the API, so that syntax may or may not function anymore.
Context: We are using Keycloak to secure our APIs by usually passing tokens through Authorization Headers. However, these APIs also allow users to download files (for instance: https://api.service.io/users.xlsx).
To use these "download endpoints", our web client applications pass users' token via query strings. (e.g. https://api.service.io/users.xlsx?accessToken=${bearerToken})).
Problem: Passing tokens via query string has several security flaws (browser history, ...). Therefore we would like to pass a very short-lived token (e.g. lifespan of 15sec) instead of the normal one (lifespan of 300sec by default).
Question: How could we request a different token from Keycloak API (for instance, /realms/#{realm_id}/protocol/openid-connect/token) by:
providing the normal access token (not credentials);
and specifying a different lifespan ?
After reading Keycloak's source code, it appears this is not possible (version 3.4.2.Final) to ask for a specific lifespan at runtime.
However, I developed a Keycloak Custom REST endpoint to do that. https://github.com/looorent/keycloak-configurable-token-api
When this JAR file is deployed in Keycloak, you can ask for a given lifespan at runtime. For example:
$ curl -X POST -d '{ "tokenLifespanInSeconds": 20}' -H "Content-Type: application/json" -H "Authorization: Bearer <user-access-token>" http://auth.service.io/auth/realms/a-realm/configurable-token
Do GitHub raw urls for private repositories expire? I'm referring to the link generated when you click the Raw button while viewing a file on github.com.
The link includes a token but there's no info about where that token comes from.
No one has clearly mentioned this, but the github raw urls expire in 7 days.
You can use longer lasting personal access tokens generated here: https://github.com/settings/tokens but those can only be used via curl:
curl -H 'Authorization: token <personal_token>' <raw_url>
Note that the personal access tokens expire if unused for an entire year.
That token comes from using OAuth with Git
https://<oauth-secret>:x-oauth-basic#raw.githubusercontent.com/<me>/<repo>/master/<file>
The raw.githubusercontent.com/<me>/<repo>/master/<file> part does not expire.
But it is to type 'y' before clicking 'Raw' on the GitHub page, in order to get the SHA1 as part of the url: that way, you are sure to reference always the same file version.
https://<oauth-secret>:x-oauth-basic#raw.githubusercontent.com/<me>/<repo>/<sha1>/<file>
^ ^^^^
The token part does not "expire" (but it can be deleted or revoked)
Please look at this API document, https://developer.github.com/v3/repos/contents/.
The URL should be:
curl -H 'Accept: application/vnd.github.VERSION.raw' -k \
https://{{githubhost}}/api/v3/repos/{{org}}/{{repo}}/contents/{{path}}?access_token=xxxx
It worked for me:
The access_token is personal access token.
And the path canbe a file or dir.
I’m trying to use the Github v3 API - I already implemented the required OAuth flow and it works well.
Now I’m trying some of the Repos API endpoints (http://developer.github.com/v3/repos/).
So far, I’m able to get a List of my repos using: GET /user/repos
However, when I try to create a repo using POST /user/repos, I get a 404.
Any thoughts what I might be doing wrong?
Joubert
Can you please tell us how exactly you did the HTTP request? The 404 sounds like you were using a wrong path, probably. But to give a reliable answer instead a wild guess, we need to see your request, including how you are sending your token, just mask it with 'xxx' or something.
I'll show you in the meantime an example request, that is working:
curl -XPOST -H 'Authorization: token S3CR3T' https://api.github.com/user/repos -d '{"name":"my-new-repo","description":"my new repo description"}'
You would need to replace the OAuth token of course: S3CR3T
I had the same issue. The reason why you are getting a 404 with your oauth access token is that when you authorize to github you need to also additionally pass the scopes you want. For example, in the header you should see "X-OAuth-Scopes: repo, user", which means this user has read/write access to his profile and repositories. Once you have set the correct scopes you should be able to do POST/PUT requests just fine.
To see whether or not you have the correct permissions. You can do something like the following. Substitute the XXXXXXX with your access token.
curl -I https://api.github.com/user?access_token=XXXXXXXX
For creating repositories as a user you can use an personal access token and basic auth, which can be much simpler when you are fluffing around on the command line and have 2FA enabled.
curl -d '{"name":"test"}' -u githubuser:personaccesstoken https://api.github.com/user/repos
Create a personal access token here https://github.com/settings/tokens and make sure it has the 'repo' scope.
This script lets you read in in the token and project name as variables so you can use it in a script
#!/usr/bin/env bash -u
#
TOKEN=`cat token_file`
PROJECT=myproject
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '{"name": "'"$PROJECT"'"}' https://api.github.com/user/repos?access_token=$TOKEN