
Refreshing user-to-server access tokens

To enforce regular token rotation and reduce the impact of a compromised token, you can configure your GitHub App to use expiring user access tokens.


Note: Expiring user tokens are currently part of the user-to-server token expiration beta and are subject to change. To opt in to the user-to-server token expiration beta feature, see "Activating beta features for apps." For more information, see "Expiring user-to-server access tokens for GitHub Apps."

About expiring user access tokens

To enforce regular token rotation and reduce the impact of a compromised token, you can configure your GitHub App to use expiring user access tokens. For more information on making user-to-server requests, see "Identifying and authorizing users for GitHub Apps."

Expiring user tokens expire after 8 hours. When you receive a new user-to-server access token, the response will also contain a refresh token, which can be exchanged for a new user token and refresh token. Refresh tokens are valid for 6 months.

Renewing a user token with a refresh token

To renew an expiring user-to-server access token, you can exchange the refresh_token for a new access token and refresh_token.

POST https://github.com/login/oauth/access_token

This callback request will send you a new access token and a new refresh token. This callback request is similar to the OAuth request you would use to exchange a temporary code for an access token. For more information, see "Identifying and authorizing users for GitHub Apps" and "Basics of authentication."

Parameters

refresh_token (string): Required. The token generated when the GitHub App owner enables expiring tokens and issues a new user access token.
grant_type (string): Required. Value must be refresh_token (required by the OAuth specification).
client_id (string): Required. The client ID for your GitHub App.
client_secret (string): Required. The client secret for your GitHub App.

Response

{
  "access_token": "e72e16c7e42f292c6912e7710c838347ae178b4a",
  "expires_in": "28800",
  "refresh_token": "r1.c1b4a2e77838347a7e420ce178f2e7c6912e1692",
  "refresh_token_expires_in": "15811200",
  "scope": "",
  "token_type": "bearer"
}
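As an added example (not GitHub's own code), the exchange above in Python: build the refresh request, parse the response into absolute expiry times, and decide when to rotate. SAMPLE_RESPONSE, the helper names and the 300-second margin are assumptions made for the example.

```python
import json
import time
from urllib.parse import urlencode
from urllib.request import Request, urlopen

TOKEN_URL = "https://github.com/login/oauth/access_token"

# Constructed sample shaped like the response shown above (not real tokens).
SAMPLE_RESPONSE = (
    '{"access_token": "ghu_EXAMPLE", "expires_in": "28800", '
    '"refresh_token": "ghr_EXAMPLE", "refresh_token_expires_in": "15811200", '
    '"scope": "", "token_type": "bearer"}'
)

def build_refresh_request(client_id, client_secret, refresh_token):
    """Build the POST that trades a refresh token for a new access/refresh pair."""
    body = urlencode({
        "grant_type": "refresh_token",  # fixed value required by the OAuth spec
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=body, headers=headers, method="POST")

def parse_token_response(raw, now=None):
    """Parse the JSON body and turn relative lifetimes into absolute deadlines."""
    now = time.time() if now is None else now
    data = json.loads(raw)
    if "error" in data:  # e.g. a revoked or already-rotated refresh token
        raise RuntimeError(f"token refresh failed: {data['error']}")
    return {
        "access_token": data["access_token"],
        "refresh_token": data["refresh_token"],
        # lifetimes may arrive as strings (as in the sample) or ints; int() takes both
        "access_expires_at": now + int(data["expires_in"]),
        "refresh_expires_at": now + int(data["refresh_token_expires_in"]),
    }

def needs_refresh(token, now=None, margin=300):
    """True when the access token is within `margin` seconds of expiring."""
    now = time.time() if now is None else now
    return now + margin >= token["access_expires_at"]

def refresh_user_token(client_id, client_secret, refresh_token):
    """Perform the live exchange; every successful call also rotates the refresh token."""
    with urlopen(build_refresh_request(client_id, client_secret, refresh_token)) as resp:
        return parse_token_response(resp.read())
```

Each successful exchange returns a new refresh token, so persist the new pair before discarding the old one.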

Configuring expiring user tokens for an existing GitHub App

You can enable or disable expiring user-to-server authorization tokens from your GitHub App settings.

  1. In the upper-right corner of any page, click your profile photo, then click Settings.
  2. In the left sidebar, click Developer settings.
  3. In the left sidebar, click GitHub Apps.
  4. Click Edit next to your chosen GitHub App.
  5. In the left sidebar, click Beta Features.
  6. Next to "User-to-server token expiration", click Opt-in or Opt-out. This setting may take a couple of seconds to apply.

Opting out of expiring tokens for new GitHub Apps

When you create a new GitHub App, by default your app will use expiring user-to-server access tokens.

If you want your app to use non-expiring user-to-server access tokens, you can deselect "Expire user authorization tokens" on the app settings page.


Existing GitHub Apps using user-to-server authorization tokens are only affected by this new flow when the app owner enables expiring user tokens for their app.

Enabling expiring user tokens for existing GitHub Apps requires sending users through the OAuth flow again to issue new user tokens that expire in 8 hours, and then making a request with the refresh token to get a new access token and refresh token. For more information, see "Identifying and authorizing users for GitHub Apps."
