Your GitHub App accesses the API with the user's access token. The response parameters expires_in, refresh_token, and refresh_token_expires_in are only returned when you enable expiring user-to-server access tokens. The unguessable random string you provided in Step 1. By default, the response takes the following form.
The code you received as a response to Step 1.
Make a request to the following endpoint to receive an access token: POST To opt in to the user-to-server token expiration feature, see "Activating optional features for apps." For more information, see "Refreshing user-to-server access tokens." Expiring user tokens are currently an optional feature and subject to change. Every time you refresh the token, you get a new refresh token. When expiring tokens are enabled, the access token expires in 8 hours and the refresh token expires in 6 months. The state parameter is not returned when GitHub initiates the OAuth flow during app installation. Exchange this code for an access token. Note: If you select Request user authorization (OAuth) during installation when creating or modifying your app, GitHub returns a temporary code that you will need to exchange for an access token. Use false when a policy prohibits signups. Whether or not unauthenticated users will be offered an option to sign up for GitHub during the OAuth flow. Suggests a specific account to use for signing in and authorizing the app. This should contain a random string to protect against forgery attacks and could contain any other arbitrary data. This must be an exact match to one of the URLs you provided as a Callback URL when setting up your GitHub App and can't contain any additional parameters. The URL in your application where users will be sent after authorization. Note: The app ID and client ID are not the same, and are not interchangeable. You can find this in your GitHub App settings when you select your app. When your GitHub App specifies a login parameter, it prompts users with a specific account they can use for signing in and authorizing your app. Request a user's GitHub identity. Direct the user to the following URL in their browser: GET For more information, see "Authorizing users during installation." 1.
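The state handling described above (a random string sent in step 1 and returned with the temporary code), shown as an added example that is not part of the original documentation. The function names, the dict standing in for a server-side session, the 10-minute lifetime and the callback URL are assumptions; it covers only a flow your app starts itself, since no state is returned when GitHub initiates the flow during installation.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlsplit

STATE_TTL_SECONDS = 600  # assumption: lifetime of one authorization attempt


def new_state(session: dict) -> str:
    """Create the unguessable state value and bind it to this user's session."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = {"value": state, "issued": time.time()}
    return state  # send this as the state parameter in step 1


def check_callback(session: dict, callback_url: str) -> str:
    """Return the temporary code from the callback, or raise ValueError."""
    # Single use: the stored value is consumed even if validation fails,
    # so a captured callback URL cannot be replayed or retried.
    stored = session.pop("oauth_state", None)
    if stored is None:
        raise ValueError("no authorization in progress")
    if time.time() - stored["issued"] > STATE_TTL_SECONDS:
        raise ValueError("state expired")

    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [])
    code = query.get("code", [])
    # Duplicate or missing parameters are rejected rather than guessed at.
    if len(returned) != 1 or len(code) != 1:
        raise ValueError("malformed callback")

    # Constant-time comparison against the value bound to the session.
    if not hmac.compare_digest(returned[0].encode(), stored["value"].encode()):
        raise ValueError("state mismatch")
    return code[0]  # only now exchange the code for an access token


if __name__ == "__main__":
    sess = {}  # constructed stand-in for a server-side session
    s = new_state(sess)
    print(check_callback(sess, f"https://app.example/callback?code=abc123&state={s}"))
```
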
If you select Request user authorization (OAuth) during installation when creating or modifying your app, step 1 will be completed during app installation.
Users are redirected back to your site by GitHub. Users are redirected to request their GitHub identity. Using the web application flow, the process to identify users on your site is: The device flow uses the OAuth 2.0 Device Authorization Grant. To authorize users for headless apps without direct access to the browser, such as CLI tools or Git credential managers, use the device flow. To authorize users for standard apps that run in the browser, use the web application flow. For more information, see "Refreshing user-to-server access tokens." Identifying users on your site To keep user-to-server access tokens more secure, you can use access tokens that will expire after 8 hours, and a refresh token that can be exchanged for a new access token. These requests also include actions triggered by a user, like running a build. User-to-server requests include requesting data for a user, like determining which repositories to display to a particular user. These requests must be authorized with a user's access token. When your GitHub App acts on behalf of a user, it performs user-to-server requests.
To opt in or out of the user-to-server token expiration feature, see "Activating optional features for apps." For more information, see "Expiring user-to-server access tokens for GitHub Apps." Note: Expiring user tokens are currently an optional feature and subject to change.