Skip to main content
L’API REST est maintenant versionnée. Pour plus d’informations, consultez « À propos des versions de l’API ».

Points de terminaison d’API REST pour les autorisations OAuth

Utilisez l’API REST pour interagir avec les OAuth apps et les autorisations OAuth des GitHub Apps

À propos des OAuth apps et des autorisations OAuth des GitHub Apps

Vous pouvez utiliser ces points de terminaison pour gérer les jetons OAuth que OAuth apps ou GitHub Apps utilise pour accéder aux comptes des personnes sur GitHub.

Les jetons pour OAuth apps ont le préfixe gho_, tandis que les jetons OAuth pour GitHub Apps, utilisés pour l’authentification au nom de l’utilisateur, ont le préfixe ghu_. Vous pouvez utiliser les points de terminaison suivants pour les deux types de jetons OAuth.

Delete an app authorization

OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

Authentification de base pour « Delete an app authorization »

Vous devez utiliser l’authentification de base pour utiliser ce point de terminaison. Utilisez le client_id de l’application comme nom d’utilisateur et le client_secret comme mot de passe.

Paramètres pour « Delete an app authorization »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
client_id string Obligatoire

The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
access_token string Obligatoire

The OAuth access token used to authenticate to the GitHub API.

Codes d’état de la réponse HTTP pour « Delete an app authorization »

Code d’étatDescription
204

No Content

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour « Delete an app authorization »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/applications/{client_id}/grant
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/grant \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Check a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND.

Authentification de base pour « Check a token »

Vous devez utiliser l’authentification de base pour utiliser ce point de terminaison. Utilisez le client_id de l’application comme nom d’utilisateur et le client_secret comme mot de passe.

Paramètres pour « Check a token »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
client_id string Obligatoire

The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
access_token string Obligatoire

The access_token of the OAuth or GitHub application.

Codes d’état de la réponse HTTP pour « Check a token »

Code d’étatDescription
200

OK

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour « Check a token »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

post/applications/{client_id}/token
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200
{ "id": 1, "url": "https://api.github.com/authorizations/1", "scopes": [ "public_repo", "user" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "Iv1.8a61f9b3a7aba766" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "fingerprint": "jklmnop12345678", "expires_at": "2011-09-08T17:26:27Z", "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false } }

Reset a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND.

Authentification de base pour « Reset a token »

Vous devez utiliser l’authentification de base pour utiliser ce point de terminaison. Utilisez le client_id de l’application comme nom d’utilisateur et le client_secret comme mot de passe.

Paramètres pour « Reset a token »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
client_id string Obligatoire

The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
access_token string Obligatoire

The access_token of the OAuth or GitHub application.

Codes d’état de la réponse HTTP pour « Reset a token »

Code d’étatDescription
200

OK

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour « Reset a token »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

patch/applications/{client_id}/token
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200
{ "id": 1, "url": "https://api.github.com/authorizations/1", "scopes": [ "public_repo", "user" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "Iv1.8a61f9b3a7aba766" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "fingerprint": "jklmnop12345678", "expires_at": "2011-09-08T17:26:27Z", "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false } }

Delete an app token

OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization.

Authentification de base pour « Delete an app token »

Vous devez utiliser l’authentification de base pour utiliser ce point de terminaison. Utilisez le client_id de l’application comme nom d’utilisateur et le client_secret comme mot de passe.

Paramètres pour « Delete an app token »

En-têtes
Nom, Type, Description
accept string

Setting to application/vnd.github+json is recommended.

Paramètres de chemin d’accès
Nom, Type, Description
client_id string Obligatoire

The client ID of the GitHub app.

Paramètres du corps
Nom, Type, Description
access_token string Obligatoire

The OAuth access token used to authenticate to the GitHub API.

Codes d’état de la réponse HTTP pour « Delete an app token »

Code d’étatDescription
204

No Content

422

Validation failed, or the endpoint has been spammed.

Exemples de code pour « Delete an app token »

Si vous accédez à GitHub à GHE.com, remplacez api.github.com par le sous-domaine dédié de votre entreprise à api.SUBDOMAIN.ghe.com.

Exemple de requête

delete/applications/{client_id}/token
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204