- Request a user’s GitHub identity(请求一个github用户的id)
GET https://github.com/login/oauth/authorize
When your GitHub App specifies a login parameter, it prompts users with a specific account they can use for signing in and authorizing your app.
Parameters(参数)
state:防止跨站点攻击
allow_signup:此参数可选填
- Users are redirected back to your site by GitHub(用户被github重定向到你的站点)
If the user accepts your request, GitHub redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. The temporary code will expire after 10 minutes. If the states don’t match, then a third party created the request, and you should abort the process.
Exchange this code for an access token:
POST https://github.com/login/oauth/access_token
Response
By default, the response takes the following form:
access_token=e72e16c7e42f292c6912e7710c838347ae178b4a&token_type=bearer
3. Use the access token to access the API
The access token allows you to make requests to the API on a behalf of a user.
Authorization: token OAUTH-TOKEN
GET https://api.github.com/user
For example, in curl you can set the Authorization header like this:
curl -H “Authorization: token OAUTH-TOKEN” https://api.github.com/user