sindresorhus/refined-github

Verify token in options #3752

fregante posted on GitHub

When the user pastes a token, we could verify that the token:

  1. Is active/valid
  2. Has the expected scope(s)

#3734 will add a function that helps with this validation.


Did a drop of testing here; it does not give back all scopes. For example, discussion is not passed back.

posted by yakov116 over 4 years ago

We don't need discussion and currently we only soft-require repo and delete_repo, both of which are reported.

Let's take this opportunity to better explain why the token is needed: https://github.com/sindresorhus/refined-github/pull/3757

And then add something like ✅ Valid or ❌ Not set/invalid next to each that is updated with the validation.

posted by fregante over 4 years ago

From my testing, we cannot see if they have public and/or private repo enabled; it just returns repo.

posted by yakov116 over 4 years ago

public_repo means that they only have access to public repositories.

repo means access to all repositories; this includes public_repo

It's in the notes I added in #3757

Try creating a token with just public_repo and it will show up.

posted by fregante over 4 years ago

I will try again tomorrow. I need help understanding how to reset on domain change.

See https://github.com/sindresorhus/refined-github/tree/validate-token for my half-baked work.

posted by yakov116 over 4 years ago

I just tested and confirmed. It only gives you back what you selected when you created the token. Which means that if you made any changes, the header does not update! It will update if you regenerate the token.

So if a user adds a permission, there will be no way for us to update it.

posted by yakov116 over 4 years ago

@fregante can you confirm too?

posted by yakov116 over 4 years ago

That's not right either. You can see the same token changing scopes here, seconds after changing them:

❯ http HEAD https://api.github.com/ "Authorization: token b77a804af914872e62b8c84d009f37f509cf2b58"
HTTP/1.1 200 OK
X-OAuth-Scopes: public_repo

❯ http HEAD https://api.github.com/ "Authorization: token b77a804af914872e62b8c84d009f37f509cf2b58"
HTTP/1.1 200 OK
X-OAuth-Scopes: repo

❯ http HEAD https://api.github.com/ "Authorization: token b77a804af914872e62b8c84d009f37f509cf2b58"
HTTP/1.1 200 OK
X-OAuth-Scopes: delete_repo, public_repo

posted by fregante over 4 years ago

I think you're confusing "token regeneration" with "token update." The regeneration creates a new token, but that's not what you're supposed to do:

posted by fregante over 4 years ago

I did both. I will make a screencast. Maybe something was wrong with GitHub yesterday.

posted by yakov116 over 4 years ago

Keep in mind that api.v3 is memoized. Use fetch directly instead.

posted by fregante over 4 years ago

It's a cache problem, not an API problem

Use cache: 'no-store'

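// Bypass the browser's HTTP cache so the response headers reflect the token's current scopes
const {headers} = await fetch('https://api.github.com/', {
    cache: 'no-store',
    headers: {/* ... */}
});

posted by fregante over 4 years ago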

THANKS! How did you know I just started working on it!

posted by yakov116 over 4 years ago
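
The check discussed in this thread, written out as an added example that is not part of the original issue or Refined GitHub's code: it requests the API root with `cache: 'no-store'`, reads `X-OAuth-Scopes`, and reports which required scopes are missing. The names `validateToken`, `parseScopes`, `IMPLIED_SCOPES` and `stubFetch` are hypothetical, and the stub response is constructed.

```javascript
// Added example; validateToken, parseScopes and IMPLIED_SCOPES are hypothetical names.
// Only the implication stated in the thread is modelled: repo includes public_repo.
const IMPLIED_SCOPES = {repo: ['public_repo']};

// Turn an X-OAuth-Scopes value such as "delete_repo, public_repo" into a Set,
// adding the scopes that each granted scope implies.
function parseScopes(headerValue) {
  const granted = new Set();
  for (const raw of (headerValue ?? '').split(',')) {
    const scope = raw.trim();
    if (scope === '') continue;
    granted.add(scope);
    for (const implied of IMPLIED_SCOPES[scope] ?? []) granted.add(implied);
  }
  return granted;
}

// fetchImpl is injectable so the check can be exercised offline with a stub.
async function validateToken(token, requiredScopes, fetchImpl = fetch) {
  const response = await fetchImpl('https://api.github.com/', {
    cache: 'no-store', // skip the HTTP cache, otherwise edited scopes look stale
    headers: {Authorization: `token ${token}`},
  });
  if (response.status === 401) {
    // Token is revoked, mistyped or otherwise rejected
    return {valid: false, granted: [], missing: [...requiredScopes]};
  }
  if (!response.ok) {
    throw new Error(`Unexpected status ${response.status}`);
  }
  const granted = parseScopes(response.headers.get('X-OAuth-Scopes'));
  return {
    valid: true,
    granted: [...granted],
    missing: requiredScopes.filter(scope => !granted.has(scope)),
  };
}

// Constructed stub response: a token that only carries delete_repo and public_repo.
const stubFetch = async () => ({
  status: 200,
  ok: true,
  headers: {get: () => 'delete_repo, public_repo'},
});
validateToken('<placeholder-token>', ['repo', 'delete_repo'], stubFetch)
  .then(result => console.log(result.valid, result.missing));
```
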
