Feature: Support authenticating as a GitHub App with user access/refresh tokens

[object-Object]

I'm writing an application that uses an expiring user access token to authenticate a GitHub App on behalf of a user. This process uses the OAuth web flow to generate an access token and refresh token; these are valid for 8 hours and 6 months, respectively. I want to store the access and refresh tokens so that users don't have to log in each time they use the app.

I see that githubkit has OAuthWebAuthStrategy, which is useful for the initial login; however, it seems like the access and refresh tokens are stored in private variables in OAuthWebAuth, and I don't see an obvious public way to access them or to force it to fetch them. I also couldn't find an AuthStrategy that takes an access or refresh token as the input.

Ideally, this is the sort of code I would like to be able to write:

# initial login
github = GitHub(OAuthWebAuthStrategy(client_id, client_secret, code))
access_token, refresh_token = github.get_app_user_access_token()

# subsequent usages
github = GitHub(AppUserAuthStrategy(client_id, client_secret, access_token, refresh_token))

GitHub app user auth flow docs:

https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app#using-the-web-application-flow-to-generate-a-user-access-token

For comparison, here's how PyGithub's app user authentication works:

https://pygithub.readthedocs.io/en/stable/examples/Authentication.html#app-user-authentication

[yanyongyu]

Actually, the github app user access auth flow is a oauth workflow. Currently, you can do this as examples here:

from githubkit import GitHub

# auth as github app itself
g = GitHub(AppAuthStrategy(app_id, private_key, client_id, client_secret))

# switch to app user auth
user_github = g.with_auth(g.as_oauth_app().as_web_user(code))

[object-Object]

Right, but I don't have code anymore after the first login. Sorry, I think the example I gave maybe wasn't very good.

User logs into the app:

# initial login
github = GitHub(OAuthWebAuthStrategy(client_id, client_secret, code))
access_token, refresh_token = github.get_app_user_access_token()

write_tokens_to_database(user_id, access_token, refresh_token)

Later, maybe the next day and in a different part of the app, user uses the app without having to go through the OAuth web flow again:

# subsequent usages
access_token, refresh_token = read_tokens_from_database(user_id)

github = GitHub(AppUserAuthStrategy(client_id, client_secret, access_token, refresh_token))

So I think I wouldn't be able to use .as_web_user(code) for the second one, because I don't have code at that point, only the tokens I exchanged it for.

[yanyongyu]

I see... It seems i need to add a simple (token, expire token) auth strategy for oauth app. I'm also developping a github app and i disable the token expire for the user token 😂. I can use the simple token auth strategy for stored user token.

[yanyongyu]

This feature is related to #44

[yanyongyu]

In pr #115, i introduced a new oauth web/device flow. Now you can use the oauth auth strategy as follows:

from githubkit import GitHub, OAuthAppAuthStrategy, OAuthTokenAuthStrategy

github = GitHub(OAuthAppAuthStrategy("client_id", "client_secret")

user_auth: OAuthTokenAuthStrategy = await github.auth.as_web_user("code").async_exchange_token(github)
access_token = user_auth.token
refresh_token = user_auth.refresh_token

# store the refresh token in database

# when use, use refresh token to auth (access_token, expire_time is optional)
user_github = GitHub(OAuthTokenAuthStrategy("client_id", "client_secret", refresh_token="refresh_token"))