3

I am using the passportjs library to authenticate users into the application. An access token is usually generated when users authenticate successfully with passportjs. I am attempting to create a branch with the github API with this access token but without much success, both using the octokit wrapper as well as posting with super-agent.

I first attempted to authenticate the octokit by providing it username and password, in this fashion. 

let octokit=new Octokit({
  auth:{
    username:username,
    password:password
  }
});

I was then able to create a ref/branch without much issue. However, when I did the same but with accesstokens generated by github SSO, like this

passport.use(new GitHubStrategy({
                clientID: keys.clientId,
                clientSecret: keys.clientSecret,
                callbackURL: "/auth/github/callback"
            },
            async (accessToken, refreshToken, profile, done) => {
                let octokit = new Octokit(auth: `token ${accessToken}`);
                const branchName = 'refs/heads/vue' + Math.random();
                let masterHash = '123x123x1231232';
                octokit.git.createRef({
                    owner: owner,
                    repo: 'gitDemo',
                    ref: branchName,
                    sha: masterHash
                }).then((data) => {
                    console.log('data ', data);
                });

            }

I receive an HttpError: Not found error. Another method that I tried is to post directly to the end point with superagent, putting the acccess code in the authorization header. 

  const data={
          ref:'refs/heads/FooBranch',
          sha:masterHash
      };
const res2=await request.post('https://api.github.com/repos/SomeOwner/SomeRepo/git/refs')
                            .set('Authorization','token '+accessToken)
                            .send(data);

However, I still receive an HttpError :not found issue. I am quite confused as to what I may have done wrong. Thank you and any help would be greatly appreciated!

JackatWaterloo
  • 31
  • 3
  • 1
    The "Not found" error usually implies that the authentication you use does not have read access to the repository. My guess is that the token you receive does not have sufficient scopes. In your code, can you catch the error and log out `error.headers`? It should include a header which includes the scopes your token has – Gregor Apr 23 '19 at 21:20

2 Answers2

1

I found the anwser here

Basically you don't send data using JSON but rather FormData. So the post should look like this (copied from link):

let data = new FormData()
data.append('client_id', options.client_id)
data.append('client_secret', options.client_secret)
data.append('code', code)
  
fetch(`https://github.com/login/oauth/access_token`, {
  method: 'POST',
  body: data
})
Maciek Murawski
  • 414
  • 4
  • 15
0

In case anyone else comes across this in the future, you have to specify the Content-Type and Accept when making the request. Without specifying it in the headers you will have to send and receive FormData.

Kudos @Github for not mentioning this at all in their docs.

Using node's built in fetch:

const githubRes = await fetch(githubUrl, {
  method: "POST",
  headers: {
    "Accept": "application/json",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    code,
    client_id: config.github.clientId,
    client_secret: config.github.clientSecret,
    redirect_uri: config.github.redirectUri,
  }),
});
    
const githubJson = await githubRes.json();
const token = githubJson.access_token;
Tyler2P
  • 2,324
  • 26
  • 22
  • 31
joeldorado
  • 1