Github API OAuth 令牌验证

Question

Is there any way to validate my OAuth token for the github API? By 'token' I mean the one I get after the user has logged in to my website. I store it on the client computer using cookies, but just checking if there is a token is not enough: I need to actually check if the token is valid or not. Currently this requires me to make a request for information and then catching the errors. However, this is really damaging my rates and also my load speed as the github API is sloooow ... I am using Node.js, express and the octonode library.

I tried looking at the github API docs, but they are minimal and slightly suckish. Maybe this is to do with OAuth, I'm not sure.

Thanks in advance.

Answer 1

From the Github API docs on authorizations :

OAuth applications can use a special API method for checking OAuth token validity without running afoul of normal rate limits for failed login attempts.

Authentication works differently with this particular endpoint. You must use Basic Authentication when accessing it, where the username is the OAuth application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.

You can do this with curl:

curl -u client_id:client_secret https://api.github.com/applications/:client_id/tokens/:token

Or, if using fetch, use Curl to Fetch .

This is compiled from the helpful comments on the OP's question.

Answer 2

Check headers to see what OAuth scopes you have, and what the API action accepts:

curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/users/codertocat -I

HTTP/1.1 200 OK
X-OAuth-Scopes: repo, user
X-Accepted-OAuth-Scopes: user

Answer 3

curl -H "Authorization: <TOKEN>" https://api.github.com/

或者

curl https://api.github.com/ -u <USERNAME>:<TOKEN>