Currently I am trying to build a Github Pages site that will act as an editor for the data in a users repository. At the moment when the user initially uses the site, they are directed to install the Github app, and when this happens they are redirected back to the site, with the code in the url. The site then sends this code to a server with Gatekeeper on it, the token is returned, and is stored in the users cookies. According to Github:
By default, the user access token expires after 8 hours. You can use a refresh token to regenerate a user access token. For more information, see "Refreshing user access tokens."
I am fine with the token expiring every 8 hours, and I understand your supposed to use the refresh token to refresh it, but the issue is that I do not understand what is supposed to happen if the application loses these tokens. Does the user have to uninstall and reinstall the app if they move to another browser?
My guess is that maybe you could send the user through the Oauth flow and they'll get a refreshed token for the app, but this brings up the issue that you can't tell if the user has installed the app. As a result, it appears the only way to do this is to send the user through the Oauth flow, use the token from that to check if the app is installed, and then if its not send them through the app install process, which seems ridiculous.
So, my question is, if the user authentication token is not available for an installed app, what is the intended way for the application to get one?
If anyone can find any projects that have this implemented as an example that would be great.
Additionally, the reason I'm having the user install the app instead of just authenticating with it is that it appears to be the only way the app can access their private repositories.
EDIT: I found this information here and
I have attempted with both of these API's and neither has returned private repos:
https://api.github.com/users/USERNAME/repos
const apiUrl = 'https://api.github.com/user/repos';
const params = {type: 'private'};
fetch(`${apiUrl}?${new URLSearchParams(params)}`, {
method: 'GET',
headers: {
'Authorization': `token ${accessToken}`,
'Accept': 'application/json',
}
})
.then(response => response.json())
.then(data => {
console.log(data);
})
.catch(error => {
console.error('Error:', error);
});
https://api.github.com/search/repositories?q=user:USERNAME
const apiUrl = `https://api.github.com/search/repositories?q=user:${username}+is:private`;
fetch(apiUrl, {
method: 'GET',
headers: {
'Authorization': `token ${accessToken}`,
'Accept': 'application/json',
}
})
.then(response => response.json())
.then(data => {
console.log(data.items);
})
.catch(error => {
console.error('Error:', error);
});
});
Instead of using an authenticated or installed GithubApp I just used an OauthApp, which can access private repos and gets around the whole issue.