3rd party implementation

Open nonunknown opened this issue 4 years ago • 3 comments

Maybe you'll remember #33. I'm implementing it now, and I was looking at the source of this repo. It seems that you've used a key in the header of the request, so:

  • How did you generate this key?
  • How does it have to go in the header?

nonunknown avatar Aug 01 '20 20:08 nonunknown

How did you generate this key?

I don't know what your gaming flow is, but as far as I have tried, there are two ways:

Personal Token (fast and simple way)

Refer to this link: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token. Just follow the steps and you will get the token, but it's important to note that the repo scope must be checked if you want to access YOUR private repositories.

OAuth Apps

Navigate to Settings > Developer settings > OAuth Apps, and click New OAuth App. There are 3 required fields, and the most important field is Authorization callback URL. It is the callback URL used when the user passes the GitHub authentication, and the service corresponding to this URL has to make a POST request to get the token. (You can refer to the /gettoken/callback part of this file.)

How does it have to go in the header?

Just append Authorization: token ${yourtoken} to the request header. Ex. Authorization: token ff34885a86a4460a885y8637ajdy93775

KinoLien avatar Aug 06 '20 02:08 KinoLien

Wow, thank you very much. So in the case of OAuth Apps, the requests to download can be from any repo, not only mine?

nonunknown avatar Aug 06 '20 11:08 nonunknown

Not entirely correct, bro. Anybody can READ all public repos, and the differences with/without a token are that you can increase the API rate limit and have WRITE permission to the repos (if you are a contributor). In the case of OAuth Apps, after user authentication, it can READ ANY public repos and its own private repos in the increased rate limit mode.

Also, I forgot to mention it in my last comment: Please DO NOT provide your personal token to your users, otherwise your quota will be used up very soon. That's why you should choose the OAuth Apps option; it allows your users to get their own tokens.

ps. Access rate limit: without token: 60 / per min. with token: 5000 / per min.

KinoLien avatar Aug 07 '20 03:08 KinoLien
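
The OAuth App callback flow and the per-user Authorization header described in the answers above, as an added example that is not part of the thread or of gitzip's code. The `app` and `session` objects, the callback host and the `state` check (a standard parameter of GitHub's OAuth web flow that the thread does not mention) are assumptions; the functions only build the requests and send nothing.

```javascript
// Added example, not gitzip's code. It only builds requests; nothing is sent.
const crypto = require('crypto');

// Step 1: send the user to GitHub with a random, single-use state kept in their session.
// scope '' is enough for public repos; 'repo' is needed for the user's private repos.
function buildAuthorizeUrl(app, session, scope = '') {
  session.oauthState = crypto.randomBytes(16).toString('hex');
  const q = new URLSearchParams({
    client_id: app.clientId, redirect_uri: app.callbackUrl, scope, state: session.oauthState,
  });
  return `https://github.com/login/oauth/authorize?${q}`;
}

// Step 2: in the callback handler, check state, then describe the server-side POST
// that trades the code for the user's token. client_secret never reaches the browser.
function buildTokenExchange(query, session, app) {
  const expected = Buffer.from(String(session.oauthState || ''));
  const got = Buffer.from(String(query.state || ''));
  delete session.oauthState; // a state value is accepted once
  if (!expected.length || expected.length !== got.length || !crypto.timingSafeEqual(expected, got)) {
    throw new Error('OAuth state mismatch');
  }
  if (typeof query.code !== 'string' || query.code === '') throw new Error('missing code');
  return {
    url: 'https://github.com/login/oauth/access_token',
    method: 'POST',
    headers: { Accept: 'application/json', 'Content-Type': 'application/x-www-form-urlencoded' },
    body: new URLSearchParams({
      client_id: app.clientId, client_secret: app.clientSecret, code: query.code,
    }).toString(),
  };
}

// Step 3: each API call carries the token of the user who logged in, in the header
// format given in the thread. Whitespace and control characters are rejected so a
// corrupted token cannot add extra header lines.
function apiHeaders(userToken) {
  if (typeof userToken !== 'string' || !/^[\x21-\x7e]+$/.test(userToken)) {
    throw new Error('invalid token');
  }
  return { Authorization: `token ${userToken}` };
}

// Constructed sample values for a local run (hypothetical app and callback host).
const app = { clientId: 'EXAMPLE_CLIENT_ID', clientSecret: 'EXAMPLE_SECRET', callbackUrl: 'https://example.test/gettoken/callback' };
const session = {};
console.log(buildAuthorizeUrl(app, session, 'repo'));
console.log(buildTokenExchange({ state: session.oauthState, code: 'constructed-code' }, session, app));
console.log(apiHeaders('constructed-user-token'));
```

Store the token returned by the exchange per user on the server side, and pass only that user's token to `apiHeaders`.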