Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Github API OAuth token validation

Is there any way to validate my OAuth token for the github API? By 'token' I mean the one I get after the user has logged in to my website. I store it on the client computer using cookies, but just checking if there is a token is not enough: I need to actually check if the token is valid or not. Currently this requires me to make a request for information and then catching the errors. However, this is really damaging my rates and also my load speed as the github API is sloooow... I am using Node.js, express and the octonode library.

I tried looking at the github API docs, but they are minimal. Maybe this is to do with OAuth.

like image 526
64_ Avatar asked Mar 16 '14 15:03

64_


2 Answers

From the Github API docs on authorizations:

OAuth applications can use a special API method for checking OAuth token validity without running afoul of normal rate limits for failed login attempts.

Authentication works differently with this particular endpoint. You must use Basic Authentication when accessing it, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.

You can do this with curl:

curl -u client_id:client_secret https://api.github.com/applications/:client_id/tokens/:token

Or, if using fetch, use Curl to Fetch.

This is compiled from the helpful comments on the OP's question.

like image 43
OctaviaLo Avatar answered Sep 22 '22 04:09

OctaviaLo


Check headers to see what OAuth scopes you have, and what the API action accepts:

curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/users/codertocat -I
HTTP/1.1 200 OK
X-OAuth-Scopes: repo, user
X-Accepted-OAuth-Scopes: user
like image 111
Victor Kushnerov Avatar answered Sep 22 '22 04:09

Victor Kushnerov