I am just wondering, did anyone manage to authenticate into the Github GraphQL API with using a Github App and how?
The purpose of this is to write a script that pulls information from Github with the GraphQL API, but uses an app for authentication - so it is not user dependant and if a user leaves the organisation it doesn't take the functionality of the script with him.
The aim is to have a script that pulls all the Dependabot alerts from all the repos and pushes them to a Google spreadsheet.
I think I read somewhere Github does not recommend using a user service account.
Thanks
I followed this guide to "Authenticate as an installation", which generates a token.
Then I set a http header to: "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN"
Related
Currently where I am is this. I followed the Microsoft documentation to where a user can login to Angular front end via Azure Active Directory.
I followed this tutorial: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-angular-auth-code
This then populate my local storage with various details including an idtoken and accesstoken.
My hope is to then send a token to my backend (NodeJS), and have it validate the token before executing the API and then sending back the result.
Previously I was able to do this with middleware and leveraging Cognito but I am being forced to switch to Azure AD for Auth.
Any help would be greatly appreciated as I am currently at a loss. Thank you.
Check this: https://www.npmjs.com/package/validate-azure-ad-token
I think this library made just for you
If you are using a #azure/msal-react or #azure/msal-browser on the frontend site and you just want to verify your Microsoft access token on your node server.
Introduction
Recently I got hired to build out a new project that requires microsoft login to enable users from Azure AD / Microsoft 365 to be able to login in to a website that has the backbone of Strapi / a Headless CMS. See the below reference screenshot for the architecture that I have in mind.
I followed a few tutorials to integrate the oAuth flow “microsoft” explained in this tutorial and while this works fine, I need a more complete solution. (this is related to Strapi but could be any oAuth integration for a headless CMS)
The Strapi Microsoft provider only creates a user in the Strapi backend but completely ignores the returned data such as access_tokens and refresh_tokens that are mandatory to be used to parse the microsoft api’s. While this is fine if you are planning to continue with the user jwt that is generated / provided by Strapi, this but isn’t the case in my project.
Requirements System
A user should be able to login to Strapi backend with his microsoft account from a front-end website
The logged in user in the front-end should be able to get information from the microsoft graph api to get metadata of the user such as profile photo, tenant_id / group_ids, phone numbers and so forth.
The logged in user in the front-end should be able to query Strapi collection types as usual
The access_token returned by Strapi does not contain a refresh token out of the box because it uses the oauth grant flow on machine level which does not return the refresh token according to the docs.
Storing the access_token in localstorage is due to security risks not an option.
The access_token should periodically be refresh because access tokens are invalidated every 60 minutes by Azure AD.
Research done
After a little search on the web I found a library officially supported by Microsoft called MSAL
MSAL provides the tools to be able to login to microsoft AD in a react app with wrapper functions that redirect to microsoft online to login and save access_tokens etc in a secure session storage.
Unfortunately when logging on the front react app we don’t have a token to validate requests to Strapi, because we simply didn’t login to Strapi /api/connect/microsoft if we would use the MSAL library. So this is also not an option I guess.
Desired solution
We would like to be able to login to Strapi / Headless CMS via a button in the front-end and upon a success login a strapi user should be created that can execute requests on behalve of the JWT token given by Strapi, but also has the opportunity to execute requests to the external microsoft Graph API to gather meta data such as profile photo etc which are not stored in Strapi by default.
Storing the access_token in the database might be a solution but also security wise this may not be the best solution.
Lastly, the whole thing should be super secure and should automatically refresh the access token every 60 minutes. (Since the token life span of the token provided by Azure AD is 3500 seconds)
Help, tips and feedback is highly appreciated. Thanks in advance!
Cheers,
Kiwi Coder
I've got an software where single user can have many projects and can invite many members to single project. And right now I need to create an integration with Github API and connect single project to single repository in Github.
So, I'm starting with authorization to Github via Oauth. First step was adding in React app a single button with redirecting to this URL:
`https://github.com/login/oauth/authorize?client_id=${process.env.REACT_APP_GH_CLIENT_ID}&return_to=/login/oauth/authorize?client_id=${process.env.REACT_APP_GH_CLIENT_ID}&redirect_uri=${githubRedirectUrl}&scope=repo`
and handle callback from this authorization. After redirecting to set earlier callback url I gets an code and send him to server side, where later I make request to this endpoint
https://github.com/login/oauth/access_token
which return me access_token. This access token I save in database and use in every request to Github API via account which is connected.
And now is time, to integrate project with repository of the autorizated earlier account.
I create a simple list of all account repositories, and after click on one record I update project object with values like name, url etc.,
And right now is the most important question, how to enable other application users to perform operations on a connected repository? Should I save in project also access_token of the owner (which connect repo to app) and use this token in all requests to Github API?
/////////////////////////
i've a nodejs API.I need to develop a fucntionnality that based on a key search a user in azure active directory.
Someone can help me or indicate me some tutos about that.
Thanks
Preface
It'll depend a bit on if you want this to be entirely service-side without user interaction or if you want to run this in the context of the user.
This answer assumes the latter. The primary benefit of this approach is it will run the search based off the user permissions required (which may be less than enabling your app to do this as a service e.g. may not require admin consent). In general, all docs can be found at Azure AD Developer Docs.
Steps / Apps you need to build
You'll want to do the following things:
Sign in the end user to your client app (e.g. here's a SPA sample).
Have this client app request tokens to your Node Web API (e.g. here's a Node Web API that accepts tokens.
Then you'll want to check out the On-behalf-of protocol. This will allow you to exchange this token for a token for the Microsoft Graph API.
You can then use the token for Graph to call the necessary Users endpoint API endpoint for users.
I applied authentication mechanism as mentioned here and it works fine but I want to retrieve data of the user after authentication like his username and email how can I do so
Would suggest to read the Github API documentation https://developer.github.com/v3/users/.
Also, this link suggests you can get it from result that comes back from the Github auth provider -> https://github.com/oauthjs/node-oauth2-server/issues/327#issuecomment-254269482