OAuth 권한 부여에 대한 REST API 엔드포인트

About OAuth apps and OAuth authorizations of GitHub Apps

You can use these endpoints to manage the OAuth tokens that OAuth apps or GitHub Apps use to access people's accounts on GitHub.com.

Tokens for OAuth apps have the prefix gho_, while OAuth tokens for GitHub Apps, used for authenticating on behalf of the user, have the prefix ghu_. You can use the following endpoints for both types of OAuth tokens.

Delete an app authorization

OAuth and GitHub application owners can revoke a grant for their application and a specific user. You must use Basic Authentication when accessing this endpoint, using the OAuth application's client_id and client_secret as the username and password. You must also provide a valid OAuth access_token as an input parameter and the grant for the token's owner will be deleted. Deleting an application's grant will also delete all OAuth tokens associated with the application for the user. Once deleted, the application will have no access to the user's account and will no longer be listed on the application authorizations settings screen within GitHub.

"Delete an app authorization"에 대한 세분화된 액세스 토큰

이 엔드포인트는 GitHub 앱 사용자 액세스 토큰, GitHub 앱 설치 액세스 토큰 또는 세분화된 개인용 액세스 토큰에서 작동하지 않습니다.

"Delete an app authorization"에 대한 매개 변수

헤더
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`client_id` string Required The client ID of the GitHub app.

본문 매개 변수
이름, Type, 설명
`access_token` string Required The OAuth access token used to authenticate to the GitHub API.

"Delete an app authorization"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

"Delete an app authorization"에 대한 코드 샘플

요청 예제

delete/applications/{client_id}/grant

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/grant \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204

Check a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method for checking OAuth token validity without exceeding the normal rate limits for failed login attempts. Authentication works differently with this particular endpoint. You must use Basic Authentication to use this endpoint, where the username is the application client_id and the password is its client_secret. Invalid tokens will return 404 NOT FOUND.

"Check a token"에 대한 세분화된 액세스 토큰

이 엔드포인트는 GitHub 앱 사용자 액세스 토큰, GitHub 앱 설치 액세스 토큰 또는 세분화된 개인용 액세스 토큰에서 작동하지 않습니다.

"Check a token"에 대한 매개 변수

헤더
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`client_id` string Required The client ID of the GitHub app.

본문 매개 변수
이름, Type, 설명
`access_token` string Required The access_token of the OAuth or GitHub application.

"Check a token"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`200`	OK
`404`	Resource not found
`422`	Validation failed, or the endpoint has been spammed.

"Check a token"에 대한 코드 샘플

요청 예제

post/applications/{client_id}/token

curl -L \
  -X POST \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://api.github.com/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

Reset a token

OAuth applications and GitHub applications with OAuth authorizations can use this API method to reset a valid OAuth token without end-user involvement. Applications must save the "token" property in the response because changes take effect immediately. You must use Basic Authentication when accessing this endpoint, using the application's client_id and client_secret as the username and password. Invalid tokens will return 404 NOT FOUND.

"Reset a token"에 대한 세분화된 액세스 토큰

이 엔드포인트는 GitHub 앱 사용자 액세스 토큰, GitHub 앱 설치 액세스 토큰 또는 세분화된 개인용 액세스 토큰에서 작동하지 않습니다.

"Reset a token"에 대한 매개 변수

헤더
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`client_id` string Required The client ID of the GitHub app.

본문 매개 변수
이름, Type, 설명
`access_token` string Required The access_token of the OAuth or GitHub application.

"Reset a token"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`200`	OK
`422`	Validation failed, or the endpoint has been spammed.

"Reset a token"에 대한 코드 샘플

요청 예제

patch/applications/{client_id}/token

curl -L \
  -X PATCH \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 200

{
  "id": 1,
  "url": "https://api.github.com/authorizations/1",
  "scopes": [
    "public_repo",
    "user"
  ],
  "token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "token_last_eight": "Ae178B4a",
  "hashed_token": "25f94a2a5c7fbaf499c665bc73d67c1c87e496da8985131633ee0a95819db2e8",
  "app": {
    "url": "http://my-github-app.com",
    "name": "my github app",
    "client_id": "Iv1.8a61f9b3a7aba766"
  },
  "note": "optional note",
  "note_url": "http://optional/note/url",
  "updated_at": "2011-09-06T20:39:23Z",
  "created_at": "2011-09-06T17:26:27Z",
  "fingerprint": "jklmnop12345678",
  "expires_at": "2011-09-08T17:26:27Z",
  "user": {
    "login": "octocat",
    "id": 1,
    "node_id": "MDQ6VXNlcjE=",
    "avatar_url": "https://github.com/images/error/octocat_happy.gif",
    "gravatar_id": "",
    "url": "https://api.github.com/users/octocat",
    "html_url": "https://github.com/octocat",
    "followers_url": "https://api.github.com/users/octocat/followers",
    "following_url": "https://api.github.com/users/octocat/following{/other_user}",
    "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
    "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
    "subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
    "organizations_url": "https://api.github.com/users/octocat/orgs",
    "repos_url": "https://api.github.com/users/octocat/repos",
    "events_url": "https://api.github.com/users/octocat/events{/privacy}",
    "received_events_url": "https://api.github.com/users/octocat/received_events",
    "type": "User",
    "site_admin": false
  }
}

Delete an app token

OAuth or GitHub application owners can revoke a single token for an OAuth application or a GitHub application with an OAuth authorization. You must use Basic Authentication when accessing this endpoint, using the application's client_id and client_secret as the username and password.

"Delete an app token"에 대한 세분화된 액세스 토큰

이 엔드포인트는 GitHub 앱 사용자 액세스 토큰, GitHub 앱 설치 액세스 토큰 또는 세분화된 개인용 액세스 토큰에서 작동하지 않습니다.

"Delete an app token"에 대한 매개 변수

헤더
이름, Type, 설명
`accept` string Setting to `application/vnd.github+json` is recommended.

경로 매개 변수
이름, Type, 설명
`client_id` string Required The client ID of the GitHub app.

본문 매개 변수
이름, Type, 설명
`access_token` string Required The OAuth access token used to authenticate to the GitHub API.

"Delete an app token"에 대한 HTTP 응답 상태 코드

상태 코드	설명
`204`	No Content
`422`	Validation failed, or the endpoint has been spammed.

"Delete an app token"에 대한 코드 샘플

요청 예제

delete/applications/{client_id}/token

curl -L \
  -X DELETE \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/applications/Iv1.8a61f9b3a7aba766/token \
  -d '{"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a"}'

Response

Status: 204