feat: Add support for exchanging oauth code for access token #780
/// Exchange a code for a user access token | ||
/// | ||
/// see: https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps | ||
pub async fn get_access_token( |
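Review bot: The doc comment on `get_access_token` is one summary line and a link, with nothing on what each argument is, what the function returns, or how it fails. Add a sentence on the return value and an `# Errors` section so callers know what a rejected code looks like, and state in the doc that the returned token is a secret that should not be logged. The parameter list is cut off in this view, so argument handling cannot be checked from these lines.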
Is there a reason this is a free function as opposed to an impl method?
Hi @XAMPPRocky, TBH I didn't see any value in adding an additional structure as it was done for the device flow. In that case, it's useful as the params are received from another REST API. But if you see any case which I'm not considering, I can change this to be a method.
How does this look in octokit.js? We try to follow similar conventions when possible.
Ok, it seems that in octokit it is defined as a struct:
```ts
export type ExchangeWebFlowCodeGitHubAppOptions = {
  clientType: "github-app";
  clientId: string;
  clientSecret: string;
  code: string;
  redirectUrl?: string;
  request?: RequestInterface;
};
```
https://github.com/octokit/oauth-methods.js/blob/main/src/exchange-web-flow-code.ts
Also the redirectUri seems to be opt.
I'll update the MR and replicate this behavior
Sorry, I meant how does it look to get the access token? Like what does the actual method call look like if you used octokit?
There are two options (GitHub App is the recommended one):
```ts
export async function exchangeWebFlowCode(
  options: ExchangeWebFlowCodeOAuthAppOptions,
): Promise<ExchangeWebFlowCodeOAuthAppResponse>;
export async function exchangeWebFlowCode(
  options: ExchangeWebFlowCodeGitHubAppOptions,
): Promise<ExchangeWebFlowCodeGitHubAppResponse>;
export async function exchangeWebFlowCode(
  options:
    | ExchangeWebFlowCodeOAuthAppOptions
    | ExchangeWebFlowCodeGitHubAppOptions,
): Promise<any> {..}
```
https://github.com/octokit/oauth-methods.js/blob/main/src/exchange-web-flow-code.ts
My two cents - the new method should follow the pattern of other post methods and return a Builder to set optional parameters, e.g. redirect_uri. This allows the API to evolve forward without breaking existing usages and is pleasant to use with optional parameters. https://docs.rs/octocrab/latest/octocrab/repos/releases/struct.CreateReleaseBuilder.html, for example
// Strongly recommended. The URL in your application where users will be sent after authorization. | ||
redirect_uri: &'a str, |
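Review bot: The comment above the `redirect_uri` field starts with `//`, so it will not show up in rustdoc; make it `///`. It also calls the value "Strongly recommended" while the type `&'a str` forces every caller to supply one. `Option<&'a str>` would match the wording and let the field be left out of the request.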
I think redirect_uri is only strongly recommended when directing the user to https://github.com/login/oauth/access_token to log in. When calling https://github.com/login/oauth/access_token, redirect_uri is unused afaict and the documentation doesn't mention strongly recommended.
I suggest making this parameter optional.
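The builder shape and the optional `redirect_uri` suggested in the two comments above, as an added example that is not code from this PR or from octocrab. `ExchangeCodeBuilder`, `form_body` and `encode` are hypothetical names, the sample values are constructed, and the block only builds the request body rather than sending it.

```rust
use std::fmt;

/// Hypothetical builder, not octocrab's API: required fields in `new`, optional ones as setters.
pub struct ExchangeCodeBuilder<'a> {
    client_id: &'a str,
    client_secret: &'a str,
    code: &'a str,
    redirect_uri: Option<&'a str>,
}
impl<'a> ExchangeCodeBuilder<'a> {
    pub fn new(client_id: &'a str, client_secret: &'a str, code: &'a str) -> Self {
        Self { client_id, client_secret, code, redirect_uri: None }
    }
    /// Optional: left out of the request body unless set.
    pub fn redirect_uri(mut self, uri: &'a str) -> Self {
        self.redirect_uri = Some(uri);
        self
    }
    /// Form-encoded body for POST https://github.com/login/oauth/access_token.
    pub fn form_body(&self) -> String {
        let mut pairs = vec![("client_id", self.client_id), ("client_secret", self.client_secret), ("code", self.code)];
        if let Some(uri) = self.redirect_uri { pairs.push(("redirect_uri", uri)); }
        pairs.iter().map(|(k, v)| format!("{}={}", k, encode(v))).collect::<Vec<_>>().join("&")
    }
}

/// Manual Debug so the client secret and the code never reach logs via `{:?}`.
impl fmt::Debug for ExchangeCodeBuilder<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("ExchangeCodeBuilder")
            .field("client_id", &self.client_id)
            .field("client_secret", &"<redacted>")
            .field("code", &"<redacted>")
            .field("redirect_uri", &self.redirect_uri)
            .finish()
    }
}

/// Percent-encode every byte except the RFC 3986 unreserved set.
fn encode(s: &str) -> String {
    s.bytes().map(|b| match b {
        b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => (b as char).to_string(),
        _ => format!("%{:02X}", b),
    }).collect()
}
fn main() { // constructed sample values
    let req = ExchangeCodeBuilder::new("id", "secret", "code").redirect_uri("https://example.com/cb");
    println!("{:?}\n{}", req, req.form_body());
}
```

Adding a further optional parameter later means one new field and one new setter, and existing `new(...)` call sites keep compiling.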
closes #638