将 oauth 令牌存储为 github 秘密

发布于 2025-01-13 04:31:21 字数 1934 浏览 2 评论 0原文

我使用 R 包 httr 来使用 oauth_endpoint() 在 oauth 端点 (strava) 对自己进行身份验证， oauth_app() 和 oauth2.0_token()（步骤 1）。

# Step 1: Genrate oauth token

strava_endpoint <- oauth_endpoint(
  request = NULL,
  authorize = "authorize", 
  access = "token",
  base_url = "https://www.strava.com/api/v3/oauth/"
)

myapp <- oauth_app(
  "strava", 
  key = 0000000,        # <- my key
  secret = "mysecret"   # <- my secret
)

mytok <- oauth2.0_token(
  endpoint = strava_endpoint, 
  app = myapp,
  scope = c("activity:read_all"),
  cache = TRUE
)

最后一个函数要求我通过浏览器进行身份验证并允许请求的范围，然后将其缓存为令牌 .httr-oauth。执行此操作一次后，我可以将此令牌文件与 readRDS() 一起使用，以通过 strava API 使用 GET()（步骤 2），

# Step 2: Use the file ".httr-oauth" got use the API (GET)
mytok <- readRDS(".httr-oauth")[[1]]

GET("https://www.strava.com/api/v3/athlete", config(token = mytok))

Response [https://www.strava.com/api/v3/athlete]
  Date: 2022-03-09 07:53
  Status: 200
  Content-Type: application/json; charset=utf-8
  Size: 650 B

这在本地工作正常。但是，我想将此令牌传递给 github 操作到 GET() 代表我。换句话说，我想在本地执行步骤 1 并在 Github 操作（步骤 2）中使用生成的令牌（文件 .httr-oauth）

，但是因为这个令牌是一个秘密，应该添加到 .gitignore 中，我不知道如何验证github 行动。

我想我可以添加 .httr-oauth 作为 github Secret，但它似乎是一个加密文件。

是否有其他方法可以通过 API（例如 strava）授权 github 操作 GET() 我的数据？

原文

I use the R package httr to authenticate myself at an oauth endpoint (strava) using oauth_endpoint(), oauth_app() and oauth2.0_token() (Step 1).

# Step 1: Genrate oauth token

strava_endpoint <- oauth_endpoint(
  request = NULL,
  authorize = "authorize", 
  access = "token",
  base_url = "https://www.strava.com/api/v3/oauth/"
)

myapp <- oauth_app(
  "strava", 
  key = 0000000,        # <- my key
  secret = "mysecret"   # <- my secret
)

mytok <- oauth2.0_token(
  endpoint = strava_endpoint, 
  app = myapp,
  scope = c("activity:read_all"),
  cache = TRUE
)

This last function requires me to authenticate via browser and permit the requested scope, which is then cached as a token .httr-oauth. After doing this once, I can use this token file with readRDS() to use GET() via the strava API (Step 2)

# Step 2: Use the file ".httr-oauth" got use the API (GET)
mytok <- readRDS(".httr-oauth")[[1]]

GET("https://www.strava.com/api/v3/athlete", config(token = mytok))

Response [https://www.strava.com/api/v3/athlete]
  Date: 2022-03-09 07:53
  Status: 200
  Content-Type: application/json; charset=utf-8
  Size: 650 B

This works fine locally. However, I would like to pass this token to a github action to GET() on my behalf. In other words, I want to do Step 1 locally and use the generated token (file .httr-oauth) in a Github Action (Step 2)

But, since this token is a secret and should be added to .gitignore, I don't know how to authenticate the github action.

I thought I could add .httr-oauth as a github secret, but it seems to be an encrypted file.

Is there a different way to authorize a github action to GET() my data via an API (e.g. strava)?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

怪异←思 2025-01-20 04:31:21

但它似乎是一个加密文件。

“使用加密工作流程中的机密”显示您应该能够检索该机密的值：

steps:
  - name: Hello world action
    with: # Set the secret as an input
      super_secret: ${{ secrets.SuperSecret }}
    env: # Or as an environment variable
      super_secret: ${{ secrets.SuperSecret }}

它是一个变量（或环境变量），其值（未加密）您可以在工作流程的其余部分中使用。

but it seems to be an encrypted file.

The "Using encrypted secrets in a workflow" shows you should be able to retrieve the value of that secret:

steps:
  - name: Hello world action
    with: # Set the secret as an input
      super_secret: ${{ secrets.SuperSecret }}
    env: # Or as an environment variable
      super_secret: ${{ secrets.SuperSecret }}

It is then a variable (or environment variable), with its value (not encrypted) you can use in the rest of your workflow.

回复收藏 0 原文

~没有更多了~