3rd party implementation #35

Open
nonunknown opened this issue Aug 1, 2020 · 3 comments

@nonunknown

Maybe you'll remember #33. I'm implementing it now, and I was looking at the source of this repo; it seems that you've used a key in the header of the request, so:

  • how did you generate this key?
  • how does it have to go in the header?
@KinoLien
Owner

KinoLien commented Aug 6, 2020

how did you generate this key?

I don't know what your gaming flow is, but as far as I have tried, there are two ways:

Personal Token (fast and simple way)

Refer to this link: https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
Just follow the steps and you will get the token, but it's important to note that the repo scope must be checked if you want to access YOUR private repositories.

OAuth Apps

Navigate to Settings > Developer settings > OAuth Apps, and click New OAuth App.
There are 3 required fields, and the most important field is Authorization callback URL.
It is the callback URL used when the user passes the GitHub authentication, and the service corresponding to this URL has to make a POST request to get the token. (You can refer to the /gettoken/callback part of this file.)

how does it have to go in the header?

Just append Authorization: token ${yourtoken} to the request header.
Ex. Authorization: token ff34885a86a4460a885y8637ajdy93775

@nonunknown
Author

WOW, thank you very much. So in the case of OAuth Apps, the requests to download can be from any repo, not only mine?

@KinoLien
Owner

KinoLien commented Aug 7, 2020

Not entirely correct, bro.
Anybody can READ all public repos, and the difference between with and without a token is that you can increase the API rate limit and have WRITE permission on the repos (if you are a contributor).
In the case of OAuth Apps, after user authentication, it can READ ANY public repos and its own private repos in the rate-limit-increased mode.

Also, I forgot to mention it in my last comment: Please DO NOT provide your personal token to your users, otherwise your quota will be used up very soon. That's why you should choose the OAuth Apps option; it allows your users to get their own token.

ps. Access rate limit: without token: 60 / per min. with token: 5000 / per min.
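
Added example, not part of the thread or of this project's code: the OAuth Apps flow described above, from the authorize redirect through the callback's POST to the `Authorization: token …` header, written without network calls so it runs offline. The function names are hypothetical, the URLs are GitHub's OAuth web-flow endpoints, and the `state` check is an addition the thread does not mention: it ties the callback to the session that started the login.

```javascript
const crypto = require('crypto');

const AUTHORIZE_URL = 'https://github.com/login/oauth/authorize';
const TOKEN_URL = 'https://github.com/login/oauth/access_token';

// Step 1: where to send the user. `state` is random and stored in the
// user's session so the callback can be tied to the request that began it.
function buildAuthorizeRequest(clientId, redirectUri, scope) {
  const state = crypto.randomBytes(16).toString('hex');
  const query = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri, scope, state,
  });
  return { url: `${AUTHORIZE_URL}?${query}`, state };
}

// Step 2: in the callback handler, verify `state`, then describe the POST
// that trades the one-time `code` for the user's own token. The client
// secret stays on the server and is never sent to the browser.
function buildTokenRequest(callbackUrl, expectedState, clientId, clientSecret) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (want.length === 0 || got.length !== want.length ||
      !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback not tied to this session');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carries no code');
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { Accept: 'application/json' },
    body: new URLSearchParams({
      client_id: clientId, client_secret: clientSecret, code,
    }).toString(),
  };
}

// Step 3: turn the JSON token response into the request header from the thread.
function authHeaderFromTokenResponse(jsonText) {
  const res = JSON.parse(jsonText);
  if (res.error || typeof res.access_token !== 'string' || !res.access_token) {
    throw new Error(`token exchange failed: ${res.error || 'no access_token'}`);
  }
  return { Authorization: `token ${res.access_token}` };
}
```

Each user who completes this flow gets a token of their own, so API calls count against that user's quota rather than the app author's.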
