Create a new authorization #969
Comments
|
I don't believe there's any way to do that. Why can't you provide the client id and secret? |
|
Authorizations need an application id and secret, so that the user knows the context of why the token was created, and can revoke them at a later date. |
|
With everything I've read the id and secret need to be kept (not surprisingly) secret, but that's not possible if the code is open source. Reading the API docs and using curl it's quite easy to create a new authorization without an id or secret, and I was just wanting to be able to do that from the library. |
Totally agree, but there's many ways to do this - for example, we use environment variables we manage the credentials for the integration test suite: https://github.com/octokit/octokit.net/blob/master/Octokit.Tests.Integration/Helper.cs |
|
So...then anyone wanting to develop the code would have to create their own id and secret just to build it? |
|
@dail8859 correct |
|
Hmm OK. Sounds like a pain. Thanks for the info though. |
|
Not sure why I closed this, would still like to see the aforementioned API implemented eventually :) |
Unfortunately, this is not the repository to log that request. I think an API that doesn't require those things and doesn't use the Web Flow would have major security concerns. You could email [email protected] to make such a request and provide more context on what goals you're trying to accomplish. |
|
Just to clarify, I'm not requesting any changes to the web API, only for the library to support that API call to create a personal access token. It's how the (previously supported) Github android app did it. |
Hmm, I'm confused. Do you want the library to support the web flow? If the web API doesn't have an endpoint for us to create an authorization token without the client secret, how would we implement that in the client library. |
|
I apologize, it is very possible I'm just using some wrong terminology, so here's an example. Referencing this document, and using curl, you can see I can create a new personal access token.
Was just wanting to be able to do that with Octokit.net |
|
Ah! Got it. Want to submit a pull request implementing that change? I think we just need to add an overload to |
|
I'll have to pass :) |
|
I can take this if no one else has started it |
I'm needing to create a new authorization using basic authentication (without using the web flow) to create a token. I am not wanting to provide a client id and secret (read: can't provide). The closest thing I could find was AuthorizationsClient.Create() but it requires an id and string.
The text was updated successfully, but these errors were encountered: