Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
npm install octokit-auth-probot> Octokit authentication strategy that supports token, app (JWT), and event-based installation authentication
octokit-auth-probot combines the authentication strategies:
1. @octokit/auth-app
2. @octokit/auth-token
3. @octokit/auth-unauthenticated
It adds a new authentication type: "event-octokit", which allows to retrieve an Octokit instance which is correctly authenticated based on the Octokit constructors authentication (app or token) as well as the event, which either results in an installation access token authentication or, in case the event implies that the installation's access has been revoked, in an unauthenticated Octokit instance.
octokit-auth-probot is not meant to be used by itself, but in conjuction with @octokit/core or a compatible library.
Browsers | Load `` |
|---|---|
Node | Install with ` |
⚠️ For usage in browsers: The private keys provided by GitHub are in PKCS#1 ` No conversion is needed in Node, both PKCS#1 | |
`js
const { Octokit } = require("@octokit/core");
const { createProbotAuth } = require("octokit-auth-probot");
const ProbotOctokit = Octokit.defaults({
authStrategy: createProbotAuth,
});
`
`js`
const octokit = new ProbotOctokit({
auth: {
token: "secret 123",
},
});
Note: when using octokit.auth({ type: "installation", factory }), factory(options) will be called with options.octokit, options.octokitOptions, plus any other properties that have been passed to octokit.auth() besides type and factory. In all other cases, octokit.auth() will resolve with an oauth authentication object, no matter the passed options.
`js----BEGIN RSA PRIVATE KEY----- ...
const octokit = new ProbotOctokit({
auth: {
appId: 123,
privateKey: ,`
},
});
`js`
const octokit = new ProbotOctokit();
This is useful if you need to send a request without access to authentication. Probot's use case here is Create a GitHub App from a manifest (POST /app-manifests/{code}/conversions), which is used to register a GitHub app and retrieve the credentials in return.
`js`
const eventOctokit = await octokit.auth({
type: "event-octokit",
event: { name: "push", payload: { installation: { id: 123 } } }, // event payload
});
eventOctokit is now authenticated in one of three ways:
1. If octokit was authenticated using a token, eventOctokit is authenticated with the same token. In fact, eventOctokit _is_ octokit
2. If name is installation and payload.action is either suspend or deleted, then eventOctokit is unauthenticated using @octokit/auth-unauthenticated
3. Otherwise is authenticated as installation based on payload.installation.id`