mirror of
https://github.com/github/codeql-action.git
synced 2025-12-30 11:10:22 +08:00
74 lines
2.3 KiB
JavaScript
74 lines
2.3 KiB
JavaScript
import { createDeviceCode, exchangeDeviceCode } from "@octokit/oauth-methods";
|
|
async function getOAuthAccessToken(state, options) {
|
|
const cachedAuthentication = getCachedAuthentication(state, options.auth);
|
|
if (cachedAuthentication) return cachedAuthentication;
|
|
const { data: verification } = await createDeviceCode({
|
|
clientType: state.clientType,
|
|
clientId: state.clientId,
|
|
request: options.request || state.request,
|
|
// @ts-expect-error the extra code to make TS happy is not worth it
|
|
scopes: options.auth.scopes || state.scopes
|
|
});
|
|
await state.onVerification(verification);
|
|
const authentication = await waitForAccessToken(
|
|
options.request || state.request,
|
|
state.clientId,
|
|
state.clientType,
|
|
verification
|
|
);
|
|
state.authentication = authentication;
|
|
return authentication;
|
|
}
|
|
function getCachedAuthentication(state, auth) {
|
|
if (auth.refresh === true) return false;
|
|
if (!state.authentication) return false;
|
|
if (state.clientType === "github-app") {
|
|
return state.authentication;
|
|
}
|
|
const authentication = state.authentication;
|
|
const newScope = ("scopes" in auth && auth.scopes || state.scopes).join(
|
|
" "
|
|
);
|
|
const currentScope = authentication.scopes.join(" ");
|
|
return newScope === currentScope ? authentication : false;
|
|
}
|
|
async function wait(seconds) {
|
|
await new Promise((resolve) => setTimeout(resolve, seconds * 1e3));
|
|
}
|
|
async function waitForAccessToken(request, clientId, clientType, verification) {
|
|
try {
|
|
const options = {
|
|
clientId,
|
|
request,
|
|
code: verification.device_code
|
|
};
|
|
const { authentication } = clientType === "oauth-app" ? await exchangeDeviceCode({
|
|
...options,
|
|
clientType: "oauth-app"
|
|
}) : await exchangeDeviceCode({
|
|
...options,
|
|
clientType: "github-app"
|
|
});
|
|
return {
|
|
type: "token",
|
|
tokenType: "oauth",
|
|
...authentication
|
|
};
|
|
} catch (error) {
|
|
if (!error.response) throw error;
|
|
const errorType = error.response.data.error;
|
|
if (errorType === "authorization_pending") {
|
|
await wait(verification.interval);
|
|
return waitForAccessToken(request, clientId, clientType, verification);
|
|
}
|
|
if (errorType === "slow_down") {
|
|
await wait(verification.interval + 7);
|
|
return waitForAccessToken(request, clientId, clientType, verification);
|
|
}
|
|
throw error;
|
|
}
|
|
}
|
|
export {
|
|
getOAuthAccessToken
|
|
};
|