Created
November 30, 2016 13:07
Access github API in browser using personal access token
<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Taxfix Question Editor</title>
    <link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
  </head>
  <body>
    <div id='root'>
    </div>
    <script>
      const user = 'andrewn';
      // Generate token here: https://github.com/settings/tokens
      const token = '<token goes here>';
      const endpoint = 'https://api.github.com';

      // HTTP Basic auth: base64 of "user:token"
      const creds = `${user}:${token}`;
      const auth = btoa(creds);

      const options = {
        mode: 'cors',
        headers: {
          'Authorization': 'Basic ' + auth,
        }
      };

      // Fetch a resource from the GitHub API, log the parsed JSON and return it
      const api = (resource) => {
        return fetch(`${endpoint}${resource}`, options)
          .then(response => {
            // fetch() resolves on HTTP errors too, so check the status explicitly
            if (!response.ok) throw new Error(`GitHub API returned ${response.status}`);
            return response.json();
          })
          .then(json => {
            console.log('JSON', json);
            return json;
          })
          .catch(err => console.error('Error fetching or parsing', err));
      };

      // Get info for this user
      api('/user');

      // Get pull requests from this repo
      api('/repos/taxfix/taxfix-question-editor/pulls');
    </script>
  </body>
</html>
Don't expose your token in the browser!!!
Unnecessary scaremongering. Nowhere does the gist mention hosting the HTML on a public-facing site. Running something in the browser does not mean it is exposed publicly.
It's perfectly safe to use a personal access token in the browser for personal use.
I just came across this from Google and I just wanted to warn anyone reading this that you should never use a personal access token in the browser since you will have just exposed it publicly. If anyone has done this, immediately go refresh your token and then remove the code from your client side code.
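The comments above disagree about whether a token in page source is acceptable. As an added example (not part of the gist or its comments), here is a small Node 18+ proxy that keeps the token in a server-side environment variable and forwards only the two resources the gist requests. The `/api` prefix, port 8787, the `GITHUB_TOKEN` variable name, the allow-list and the `User-Agent` string are assumptions made for this sketch.

```javascript
// Added example: server-side proxy so the token never reaches the page source.
const GITHUB_API = 'https://api.github.com';
// Assumed allow-list: only the two read-only resources the gist requests.
const ALLOWED = [/^\/user$/, /^\/repos\/\w[\w.-]*\/\w[\w.-]*\/pulls$/];
const JSON_TYPE = { 'Content-Type': 'application/json' };

// Map a browser-supplied path to an upstream request, or null if refused.
function buildUpstreamRequest(path, token) {
  if (typeof path !== 'string' || !ALLOWED.some((re) => re.test(path))) return null;
  const url = new URL(path, GITHUB_API);
  // Refuse anything URL parsing moved off the API origin or rewrote.
  if (url.origin !== GITHUB_API || url.pathname !== path) return null;
  return {
    url: url.href,
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: 'application/vnd.github+json',
      'User-Agent': 'pat-proxy-example', // constructed value
    },
  };
}

// Loopback-only proxy: the page fetches /api/user instead of api.github.com/user.
async function startProxy(port = 8787, token = process.env.GITHUB_TOKEN) {
  if (!token) throw new Error('GITHUB_TOKEN is not set');
  const http = await import('node:http');
  const server = http.createServer(async (req, res) => {
    try {
      const path = new URL(req.url, 'http://localhost').pathname.replace(/^\/api/, '');
      const upstream = req.method === 'GET' ? buildUpstreamRequest(path, token) : null;
      if (!upstream) {
        res.writeHead(403, JSON_TYPE).end('{"error":"not allowed"}');
        return;
      }
      const r = await fetch(upstream.url, { headers: upstream.headers });
      res.writeHead(r.status, JSON_TYPE).end(await r.text());
    } catch (err) {
      // Never echo err to the client: it could include upstream details.
      res.writeHead(502, JSON_TYPE).end('{"error":"proxy failure"}');
    }
  });
  return new Promise((resolve) => server.listen(port, '127.0.0.1', () => resolve(server)));
}
```

With `startProxy()` running, the page's `api()` helper can point `endpoint` at `http://127.0.0.1:8787/api` and drop the `Authorization` header entirely.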