Points de terminaison d’API REST pour les autorisations OAuth

À propos de OAuth apps et des autorisations OAuth pour GitHub Apps

Vous pouvez utiliser ces points de terminaison pour gérer les jetons OAuth que OAuth apps ou GitHub Apps utilise pour accéder aux comptes des personnes sur GitHub.

Les jetons pour OAuth apps ont le préfixe gho_, tandis que les jetons OAuth pour GitHub Apps, utilisés pour l’authentification au nom de l’utilisateur, ont le préfixe ghu_. Vous pouvez utiliser les points de terminaison suivants pour les deux types de jetons OAuth.

Delete an app authorization

OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

basic_auth_heading

basic_auth

Paramètres pour «Delete an app authorization »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`client_id` string Requis The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
`access_token` string Requis The OAuth access token used to authenticate to the GitHub API.

http_status_code

status_code	Description
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

delete/applications/{client_id}/grant

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/grant \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Check a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND.

basic_auth_heading

basic_auth

Paramètres pour «Check a token »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`client_id` string Requis The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
`access_token` string Requis The access_token of the OAuth or GitHub application.

http_status_code

status_code	Description
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

post/applications/{client_id}/token

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://HOSTNAME/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://HOSTNAME/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://HOSTNAME/users/octocat/followers",
    "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
    "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
    "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
    "organizations_url": "https://HOSTNAME/users/octocat/orgs",
    "repos_url": "https://HOSTNAME/users/octocat/repos",
    "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
    "received_events_url": "https://HOSTNAME/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

Reset a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND.

basic_auth_heading

basic_auth

Paramètres pour «Reset a token »

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`client_id` string Requis The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
`access_token` string Requis The access_token of the OAuth or GitHub application.

http_status_code

status_code	Description
`200`	OK
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

patch/applications/{client_id}/token

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://HOSTNAME/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://HOSTNAME/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://HOSTNAME/users/octocat/followers",
    "following_url": "https://HOSTNAME/users/octocat/following{/other_user}",
    "gists_url": "https://HOSTNAME/users/octocat/gists{/gist_id}",
    "starred_url": "https://HOSTNAME/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://HOSTNAME/users/octocat/subscriptions",
    "organizations_url": "https://HOSTNAME/users/octocat/orgs",
    "repos_url": "https://HOSTNAME/users/octocat/repos",
    "events_url": "https://HOSTNAME/users/octocat/events{/privacy}",
    "received_events_url": "https://HOSTNAME/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

En-têtes
Nom, Type, Description
`accept` string Setting to `application/vnd.github+json` is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
`client_id` string Requis The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
`access_token` string Requis The OAuth access token used to authenticate to the GitHub API.

http_status_code

status_code	Description
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

code_samples

request_example

delete/applications/{client_id}/token

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  http(s)://HOSTNAME/api/v3/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Points de terminaison d’API REST pour les autorisations OAuth

À propos de OAuth apps et des autorisations OAuth pour GitHub Apps

Delete an app authorization

basic_auth_heading

Paramètres pour «Delete an app authorization »

http_status_code

code_samples

request_example

Response

Check a token

basic_auth_heading

Paramètres pour «Check a token »

http_status_code

code_samples

request_example

Response

Reset a token

basic_auth_heading

Paramètres pour «Reset a token »

http_status_code

code_samples

request_example

Response

Delete an app token

basic_auth_heading

Paramètres pour «Delete an app token »

http_status_code

code_samples

request_example

Response