feat: oauth access tokens

Author: gr2m

src/auth.ts

@@ -1,6 +1,7 @@
 import { AuthOptions, StrategyOptionsWithDefaults } from "./types";
 import { getAppAuthentication } from "./get-app-authentication";
 import { getInstallationAuthentication } from "./get-installation-authentication";
+import { getOAuthAuthentication } from "./get-oauth-authentication";
 
 export async function auth(
   state: StrategyOptionsWithDefaults,
@@ -10,5 +11,9 @@ export async function auth(
     return getAppAuthentication(state.id, state.privateKey);
   }
 
-  return getInstallationAuthentication(state, options);
+  if (options.type === "installation") {
+    return getInstallationAuthentication(state, options);
+  }
+
+  return getOAuthAuthentication(state, options);
 }

src/get-oauth-authentication.ts

@@ -0,0 +1,47 @@
+import {
+  Request,
+  OAuthOptions,
+  StrategyOptionsWithDefaults,
+  OAuthAccesTokenAuthentication
+} from "./types";
+
+export async function getOAuthAuthentication(
+  state: StrategyOptionsWithDefaults,
+  options: OAuthOptions,
+  customRequest?: Request
+): Promise<OAuthAccesTokenAuthentication> {
+  const request = customRequest || state.request;
+
+  // The "/login/oauth/access_token" is not part of the REST API hosted on api.github.com,
+  // instead it’s using the github.com domain.
+  const route = /^https:\/\/(api\.)?github\.com$/.test(
+    state.request.endpoint.DEFAULTS.baseUrl
+  )
+    ? "POST https://github.com/login/oauth/access_token"
+    : `POST ${state.request.endpoint.DEFAULTS.baseUrl.replace(
+        "/api/v3",
+        "/login/oauth/access_token"
+      )}`;
+
+  const parameters = {
+    headers: {
+      accept: `application/json`
+    },
+    client_id: state.clientId,
+    client_secret: state.clientSecret,
+    code: options.code,
+    state: options.state,
+    redirect_uri: options.redirectUrl
+  };
+
+  const {
+    data: { access_token: token, scope }
+  } = await request(route, parameters);
+
+  return {
+    type: "token",
+    tokenType: "oauth",
+    token,
+    scopes: scope.split(/,\s*/).filter(Boolean)
+  };
+}

src/types.ts

@@ -19,6 +19,7 @@ export interface AppAuth {
 export type APP_TYPE = "app";
 export type TOKEN_TYPE = "token";
 export type INSTALLATION_TOKEN_TYPE = "installation";
+export type OAUTH_TOKEN_TYPE = "oauth";
 export type REPOSITORY_SELECTION = "all" | "selected";
 export type JWT = string;
 export type ACCESS_TOKEN = string;
@@ -47,14 +48,24 @@ export type InstallationAccessTokenAuthentication = InstallationAccessTokenData
   tokenType: INSTALLATION_TOKEN_TYPE;
 };
 
+export type OAuthAccesTokenAuthentication = {
+  type: TOKEN_TYPE;
+  tokenType: OAUTH_TOKEN_TYPE;
+  token: ACCESS_TOKEN;
+  scopes: string[];
+};
+
 export type Authentication =
   | AppAuthentication
-  | InstallationAccessTokenAuthentication;
+  | InstallationAccessTokenAuthentication
+  | OAuthAccesTokenAuthentication;
 
 export type StrategyOptions = {
   id: number;
   privateKey: string;
   installationId?: number;
+  clientId?: string;
+  clientSecret?: string;
   request?: typeof request;
   cache?: Cache;
 };
@@ -75,10 +86,17 @@ export type InstallationAuthOptions = {
   refresh?: boolean;
 };
 
-export type AuthOptions = InstallationAuthOptions & {
-  type: "app" | "installation";
+export type OAuthOptions = {
+  code?: string;
+  redirectUrl?: string;
+  state?: string;
 };
 
+export type AuthOptions = InstallationAuthOptions &
+  OAuthOptions & {
+    type: "app" | "installation" | "oauth";
+  };
+
 export type WithInstallationId = {
   installationId: number;
 };