Skip to main content
REST API 现已经过版本控制。 有关详细信息,请参阅“关于 API 版本控制”。

用于 OAuth 授权的 REST API 终结点

使用 REST API 与 OAuth apps 和 GitHub Apps 的 OAuth 授权进行交互

关于 OAuth apps 和 GitHub Apps 的 OAuth 授权

可使用这些终结点来管理 OAuth apps 或 GitHub Apps 用于访问用户在 GitHub 上的帐户的 OAuth 标记。

OAuth apps 的令牌带有前缀 gho_,而用于代表用户进行身份验证的 GitHub Apps 的 OAuth 令牌带有前缀 ghu_。 可以将以下终结点用于这两种类型的 OAuth 令牌。

Delete an app authorization

OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

“Delete an app authorization”的基本身份验证

必须使用基本身份验证才能使用此终结点。 使用应用程序的 client_id 作为用户名,并使用 client_secret 作为密码。

“Delete an app authorization”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the GitHub app.

正文参数
名称, 类型, 说明
access_token string 必须

The OAuth access token used to authenticate to the GitHub API.

“Delete an app authorization”的 HTTP 响应状态代码

状态代码说明
204

No Content

422

Validation failed, or the endpoint has been spammed.

“Delete an app authorization”的示例代码

请求示例

delete/applications/{client_id}/grant
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/grant \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Check a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. Invalid tokens will return 404 NOT FOUND.

“Check a token”的基本身份验证

必须使用基本身份验证才能使用此终结点。 使用应用程序的 client_id 作为用户名,并使用 client_secret 作为密码。

“Check a token”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the GitHub app.

正文参数
名称, 类型, 说明
access_token string 必须

The access_token of the OAuth or GitHub application.

“Check a token”的 HTTP 响应状态代码

状态代码说明
200

OK

404

Resource not found

422

Validation failed, or the endpoint has been spammed.

“Check a token”的示例代码

请求示例

post/applications/{client_id}/token
curl -L \ -X POST \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200
{ "id": 1, "url": "https://api.github.com/authorizations/1", "scopes": [ "public_repo", "user" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "Iv1.8a61f9b3a7aba766" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "fingerprint": "jklmnop12345678", "expires_at": "2011-09-08T17:26:27Z", "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false } }

Reset a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. Invalid tokens will return 404 NOT FOUND.

“Reset a token”的基本身份验证

必须使用基本身份验证才能使用此终结点。 使用应用程序的 client_id 作为用户名,并使用 client_secret 作为密码。

“Reset a token”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the GitHub app.

正文参数
名称, 类型, 说明
access_token string 必须

The access_token of the OAuth or GitHub application.

“Reset a token”的 HTTP 响应状态代码

状态代码说明
200

OK

422

Validation failed, or the endpoint has been spammed.

“Reset a token”的示例代码

请求示例

patch/applications/{client_id}/token
curl -L \ -X PATCH \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200
{ "id": 1, "url": "https://api.github.com/authorizations/1", "scopes": [ "public_repo", "user" ], "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a", "token_last_eight": "Ae178B4a", "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8", "app": { "url": "http://my-github-app.com", "name": "my github app", "client_id": "Iv1.8a61f9b3a7aba766" }, "note": "optional note", "note_url": "http://optional/note/url", "updated_at": "2011-09-06T20:39:23Z", "created_at": "2011-09-06T17:26:27Z", "fingerprint": "jklmnop12345678", "expires_at": "2011-09-08T17:26:27Z", "user": { "login": "octocat", "id": 1, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false } }

Delete an app token

OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization.

“Delete an app token”的基本身份验证

必须使用基本身份验证才能使用此终结点。 使用应用程序的 client_id 作为用户名,并使用 client_secret 作为密码。

“Delete an app token”的参数

标头
名称, 类型, 说明
accept string

Setting to application/vnd.github+json is recommended.

路径参数
名称, 类型, 说明
client_id string 必须

The client ID of the GitHub app.

正文参数
名称, 类型, 说明
access_token string 必须

The OAuth access token used to authenticate to the GitHub API.

“Delete an app token”的 HTTP 响应状态代码

状态代码说明
204

No Content

422

Validation failed, or the endpoint has been spammed.

“Delete an app token”的示例代码

请求示例

delete/applications/{client_id}/token
curl -L \ -X DELETE \ -H "Accept: application/vnd.github+json" \ -u "<YOUR_CLIENT_ID>:<YOUR_CLIENT_SECRET>" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \ -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204