muhqu

Reputation: 12799

Verify that a GitHub OAuth token belongs to a specific ClientID

I'm looking for a way to verify that a GitHub OAuth token belongs to a specific client id.

It looks like, once you have an OAuth token, it cannot be determined whether it is a…

  1. personal access token
  2. token issued using another app (other client_id)

Upvotes: 3

Views: 1043

Answers (1)

muhqu

Reputation: 12799

There is an endpoint which allows an app owner to verify that a token actually belongs to their app:

GET /applications/:client_id/tokens/:access_token

[…] You must use Basic Authentication when accessing it, where the username is the OAuth application client_id and the password is its client_secret.[…]

This endpoint can be used to answer the first question "verify that a GitHub OAuth token belongs to a specific client id" only when you also know the client secret for a given client id.

There seems to be no way to answer the other question "[...] determined whether it is a personal access token [or] token issued using another app (other client id)"

See "check an authorization" in the GitHub OAuth Authorizations API documentation.

Upvotes: 3
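The check described in the answer above, sketched in Python as an added example (not part of the original answer and not GitHub's own code). The function names, the https://api.github.com root, the 404 status for a token that does not belong to the app, and the app.client_id response field are assumptions, not taken from the page.

```python
import base64
import json
import urllib.error
import urllib.request
from urllib.parse import quote

API_ROOT = "https://api.github.com"  # assumption: public GitHub API root


def build_check_request(client_id, client_secret, token):
    """Build GET /applications/:client_id/tokens/:access_token with Basic auth."""
    # The token travels in the URL path, so percent-encode it and keep
    # this URL out of application logs.
    url = (f"{API_ROOT}/applications/{quote(client_id, safe='')}"
           f"/tokens/{quote(token, safe='')}")
    # Basic auth: username is the app's client_id, password its client_secret.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(url, headers={
        "Authorization": f"Basic {basic}",
        "Accept": "application/json",
    })


def token_belongs_to_app(client_id, client_secret, token,
                         opener=urllib.request.urlopen):
    """Return True if the token was issued for this app, False if not.

    Only a 404 (assumed "no such token for this app") maps to False.
    Any other failure (bad client credentials, rate limit, outage) is
    re-raised so it can never be mistaken for a verification result.
    """
    req = build_check_request(client_id, client_secret, token)
    try:
        with opener(req, timeout=10) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return False
        raise
    # Assumption: the response names the issuing app under app.client_id.
    # If that field is present it must match; a 200 alone is not trusted
    # when the body names a different app.
    reported = (body.get("app") or {}).get("client_id")
    return reported is None or reported == client_id
```

As the answer notes, a False result only says the token is not this app's; it does not distinguish a personal access token from a token issued by another app.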
