2

Here is the code I'm using, but I keep getting a 403 error in response.

let username = "CLIENT_ID_GOES_HERE";
let password = "SECRET_GOES_HERE";
let basicAuth = Buffer.from(`${username}:${password}`).toString('base64');

try {
    response = await axios.delete(`https://github.com/applications/${clientId}/grant`, 
    {
        headers: {
            'Authorization': `Basic ${basicAuth}`,
            'Accept': 'application/vnd.github.v3+json',
        },
        data: {
            access_token: token
        }
    });
} catch (e) {
    return {
        statusCode: 502,
        body: JSON.stringify(e)
    }
}

I've verified that the client ID, secret and token are all correct. The token I'm using is the one that is returned by github upon authenticating.

Improve this question
3
  • 1
    From what i can see in the docs the authorization header type is Token not basic Commented Jun 23, 2022 at 21:01
  • Yup I saw that too, but if you read the description of the endpoint, it says that Basic authentication is required. So it's really confusing. I'll try again with the Token type. Commented Jun 23, 2022 at 23:37
  • GH's implementation of Basic Auth isn't RFC 2617-compliant, as noted by their doc. Authorization: token... isn't Basic Auth at all as defined by the RFC, it's a GH-custom thing. GH docs calling this 'Basic Auth' is a doc bug. Commented Jun 26, 2022 at 19:59

3 Answers 3

Reset to default
2

I figured it out. First, I had to modify my axios request to be able to see the full error message. Inside the 'catch' part of a try-catch, I was able to take a look at the value of error.response.data.

The error I was getting was "Cookies must be enabled to use github".

After some Googling, someone with the same error commented that they had to use the host api.github.com. Turns out that I was using github.com. Once I changed this, the error went away.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Check if, as in here, a token authorization header would work better:

Authorization: `token ${process.env.GITHUB_TOKEN}`,
Improve this answer

2 Comments

I've used this but got the same 403 error. Is this supposed to be the token that github returns when you first authenticate?
@Dominique It should be your PAT (Personal Access Token)
0

Another Way:

TOKEN = "..."
GITHUB_CLIENT_ID = "..."
GITHUB_CLIENT_SECRET = "..."
try {
        const credentials = `${GITHUB_CLIENT_ID}:${GITHUB_CLIENT_SECRET}`;
        const encodedCredentials = btoa(credentials);

        const response = await fetch(`https://api.github.com/applications/${GITHUB_CLIENT_ID}/token`, {
            method: 'DELETE',
            headers: {
                Authorization: `Basic ${encodedCredentials}`,
                Accept: 'application/vnd.github+json',
                'X-GitHub-Api-Version': '2022-11-28',
            },
            body: JSON.stringify({
                access_token: TOKEN
            })
        });

        if (response.ok) {
            console.log('Successfully revoked Github token');
            return "Successfully revoked Github token";
        } else {
            console.error('Failed to revoke Github token', response.statusText);
            return "ERROR";
        }
} catch (error) {
    console.error('Error revoking Github token:', error);
    return "ERROR";
}
Improve this answer

1 Comment

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.