GitHub API

Authentication

GitHub Apps vs OAuth Apps

  • GitHub Apps are preferred to OAuth apps because they use fine-grained permissions, give more control over which repositories the app can access, and use short-lived tokens.

  • Like OAuth apps, GitHub Apps still use OAuth 2.0 and can generate a type of OAuth token (called a user access token) to take actions on behalf of a user.

| GitHub Apps | OAuth apps |
| --- | --- |
| You must be an organization owner or have admin permissions in a repository to install a GitHub App on an organization. If a GitHub App is installed in a repository and requires organization permissions, the organization owner must approve the application. | You can authorize an OAuth app to have access to resources. |
| You can install a GitHub App on your personal repository. | You can authorize an OAuth app to have access to resources. |
| You must be an organization owner, personal repository owner, or have admin permissions in a repository to uninstall a GitHub App and remove its access. | You can delete an OAuth access token to remove access. |
| You must be an organization owner or have admin permissions in a repository to request a GitHub App installation. | If an organization application policy is active, any organization member can request to install an OAuth app on an organization. An organization owner must approve or deny the request. |

Full Python Code to Generate JWT, Request Access Token and Access Repo

import jwt
import time
import requests

# Replace these with your GitHub App credentials
APP_ID = "your_github_app_id"
INSTALLATION_ID = "your_installation_id"
PRIVATE_KEY_PATH = "path/to/your/private-key.pem"

# Step 1: Generate a JSON Web Token (JWT)
def generate_jwt(app_id, private_key_path):
    with open(private_key_path, "r") as key_file:
        private_key = key_file.read()
    current_time = int(time.time())
    payload = {
        "iat": current_time - 60,         # Issued at, backdated 60 s to tolerate clock drift
        "exp": current_time + (10 * 60),  # Expiration time (GitHub allows at most 10 minutes)
        "iss": app_id                     # GitHub App ID
    }
    token = jwt.encode(payload, private_key, algorithm="RS256")
    return token

# Step 2: Request an Installation Access Token
def get_installation_access_token(jwt_token, installation_id):
    headers = {
        "Authorization": f"Bearer {jwt_token}",
        "Accept": "application/vnd.github+json"
    }
    url = f"https://api.github.com/app/installations/{installation_id}/access_tokens"
    # A timeout keeps a stalled connection from hanging the script
    response = requests.post(url, headers=headers, timeout=10)
    
    if response.status_code == 201:
        return response.json()["token"]
    else:
        raise Exception(f"Failed to get access token: {response.status_code} {response.text}")

# Step 3: Use the Installation Access Token to Access the GitHub API
def access_github_api(access_token):
    headers = {
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/vnd.github+json"
    }
    # Installation tokens act as the app, not as a user, so /user is not
    # available to them; list the repositories this installation can access.
    url = "https://api.github.com/installation/repositories"
    response = requests.get(url, headers=headers, timeout=10)

    if response.status_code == 200:
        return response.json()
    else:
        raise Exception(f"API request failed: {response.status_code} {response.text}")

# Main Flow
try:
    # Generate JWT
    jwt_token = generate_jwt(APP_ID, PRIVATE_KEY_PATH)

    # Request Installation Access Token
    access_token = get_installation_access_token(jwt_token, INSTALLATION_ID)

    # Use the token to interact with the GitHub API
    repo_data = access_github_api(access_token)
    print("Accessible repositories:", [repo["full_name"] for repo in repo_data["repositories"]])

except Exception as e:
    print("Error:", str(e))
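
The fine-grained permissions and repository selection noted at the top of this page also apply per token: the access_tokens endpoint used above accepts optional `repositories` and `permissions` body fields that narrow a token below what the installation holds. The following is an added example, not part of the original notes; the helper names are hypothetical, and the repository names, token value and response dictionaries are constructed sample data.

```python
from datetime import datetime, timedelta, timezone

LEVELS = {"read": 1, "write": 2, "admin": 3}  # GitHub permission levels, low to high
MAX_LIFETIME = timedelta(hours=1)  # installation tokens expire after one hour


def build_token_request(repositories, permissions):
    """JSON body for POST /app/installations/{id}/access_tokens, scoped down."""
    bad = [lvl for lvl in permissions.values() if lvl not in LEVELS]
    if bad or not repositories:
        raise ValueError("need at least one repository and valid permission levels")
    return {"repositories": sorted(repositories), "permissions": dict(permissions)}


def check_token_response(requested, response, now):
    """Return a list of problems; an empty list means the token matches the request."""
    problems = []
    for name, level in response.get("permissions", {}).items():
        wanted = requested["permissions"].get(name)
        # Unknown levels rank above everything so they are always reported.
        if wanted is None or LEVELS.get(level, 99) > LEVELS[wanted]:
            problems.append(f"permission {name}={level} exceeds request")
    if response.get("repository_selection") != "selected":
        problems.append("token is not limited to selected repositories")
    granted = {repo["name"] for repo in response.get("repositories", [])}
    extra = granted - set(requested["repositories"])
    if extra:
        problems.append(f"unrequested repositories: {sorted(extra)}")
    expires = datetime.strptime(response["expires_at"], "%Y-%m-%dT%H:%M:%SZ")
    if expires.replace(tzinfo=timezone.utc) - now > MAX_LIFETIME:
        problems.append("token lifetime exceeds one hour")
    return problems


# Constructed sample data (not real API output; the token value is a placeholder).
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
REQUEST = build_token_request(["docs"], {"contents": "read", "metadata": "read"})
GOOD = {"token": "ghs_PLACEHOLDER", "expires_at": "2024-01-01T13:00:00Z",
        "permissions": {"contents": "read", "metadata": "read"},
        "repository_selection": "selected", "repositories": [{"name": "docs"}]}
BROAD = dict(GOOD, permissions={"contents": "write", "metadata": "read"},
             repositories=[{"name": "docs"}, {"name": "infra"}])

if __name__ == "__main__":
    print(check_token_response(REQUEST, GOOD, NOW))
    print(check_token_response(REQUEST, BROAD, NOW))
```

To use it with the script above, pass the dictionary from `build_token_request` as `json=` in the `requests.post` call and run `check_token_response` on `response.json()` before the token is handed to any other code.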

Get Content

  • curl --proxy-ntlm --proxy "http://$user:[email protected]:8080" -L -H "Accept: application/vnd.github.raw+json" -H "Authorization: Bearer $github_token" -H "X-GitHub-Api-Version: 2022-11-28" https://api.github.com/repos/$OWNER/$REPO/contents/$FOLDER/$FILE
