auth-oauth-user.js icon indicating copy to clipboard operation
auth-oauth-user.js copied to clipboard

Published 20 hours ago verified publisher icon octokit

Create scoped authentication

Open gr2m opened this issue 4 years ago • 0 comments

Follow up to https://github.com/octokit/auth-oauth-user.js/pull/1

What’s missing?

auth({ type: "scope" })

The feature to Create a scoped access token is not yet implemented.

I think it shouldn't work like auth({ type: "reset" }), because creating a scoped token does not invalidate the current token. I think what we should do is to reuse the factory pattern from @octokit/auth-app which would make it possible to create a new octokit instance from the current one, and the new instance would be authenticated using the scoped token, or we could create a new auth instance like this

const scopedAuth = await auth({
  type: "scope",
  target: 123,
  repos: [456],
  factory: createOAuthUserAuth,
});

In order to make the above code possible, createOAuthUserAuth() would need to accept additional options specific to scoping user-to-server access tokens, which might not be to bad of an idea anyway.

Alternatives you tried

scopeToken() from @octokit/oauth-methods works to create the scoped authentication.

gr2m avatar Mar 19 '21 06:03 gr2m