Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Github Api
Docs

Github Api Laravel Package

knplabs/github-api

Lightweight, well-tested PHP wrapper for GitHub APIs v3 (REST) and v4 (GraphQL). PSR-17/PSR-18 compatible via HTTPlug, with easy setup using Guzzle, Symfony HttpClient, or other PSR clients. Supports framework integrations (Laravel via graham-campbell/github).

View on GitHub
Deep Wiki
Context7

Authentication & Security

Back to the navigation

Most GitHub services do not require authentication, but some do. For example the methods that allow you to change properties on Repositories and some others. Therefore this step is facultative.

Authenticate

GitHub provides some different ways of authentication. This API implementation implements three of them which are handled by one function:

$client->authenticate($usernameOrToken, $password, $method);

$usernameOrToken is, of course, the username (or in some cases token/client ID, more details you can find below), and guess what should contain $password. The $method can contain one of the three allowed values:

Supported methods

The required value of $password depends on the chosen $method. For Github\AuthMethod::CLIENT_ID, Github\AuthMethod::ACCESS_TOKEN and Github\AuthMethod::JWT methods you should provide the API token in $usernameOrToken variable ($password is omitted in this particular case).

The Github\AuthMethod::JWT authentication method sends the specified JSON Web Token in an Authorization header.

After executing the $client->authenticate($usernameOrToken, $secret, $method); method using correct credentials, all further requests are done as the given user.

Authenticating as an Integration

To authenticate as an integration you need to supply a JSON Web Token with Github\AuthMethod::JWT to request and installation access token which is then usable with Github\AuthMethod::ACCESS_TOKEN. GitHub´s integration authentication docs describe the flow in detail. It´s important for integration requests to use the custom Accept header application/vnd.github.machine-man-preview.

The following sample code authenticates as an installation using lcobucci/jwt 4.1 to generate a JSON Web Token (JWT).

use Github\HttpClient\Builder;
use Lcobucci\JWT\Configuration;
use Lcobucci\JWT\Encoding\ChainedFormatter;
use Lcobucci\JWT\Signer\Key\LocalFileReference;
use Lcobucci\JWT\Signer\Rsa\Sha256;

$builder = new Builder();

$github = new Github\Client($builder, 'machine-man-preview');

$config = Configuration::forSymmetricSigner(
    new Sha256(),
    LocalFileReference::file('path/to/integration.private-key.pem')
);

$now = new \DateTimeImmutable();
$jwt = $config->builder(ChainedFormatter::withUnixTimestampDates())
    ->issuedBy($integrationId)
    ->issuedAt($now)
    ->expiresAt($now->modify('+1 minute'))
    ->getToken($config->signer(), $config->signingKey())
;

$github->authenticate($jwt->toString(), null, Github\AuthMethod::JWT);

The $integrationId you can find in the about section of your GitHub app. The $installationId you can find by installing the app and using the id in the url.

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport
twbs/bootstrap4
php-http/client-implementation
phpcr/phpcr-implementation
cucumber/gherkin-monorepo
haydenpierce/class-finder
psr/simple-cache-implementation