@@ -13,15 +13,17 @@ $client->authenticate($usernameOrToken, $password, $method);
1313```
1414
1515` $usernameOrToken ` is, of course, the username (or in some cases token/client ID, more details you can find below),
16- and guess what should contain ` $password ` . The ` $method ` can contain one of the three allowed values:
16+ and guess what should contain ` $password ` . The ` $method ` can contain one of the five allowed values:
1717
1818* ` Github\Client::AUTH_URL_TOKEN `
1919* ` Github\Client::AUTH_URL_CLIENT_ID `
2020* ` Github\Client::AUTH_HTTP_TOKEN `
2121* ` Github\Client::AUTH_HTTP_PASSWORD `
22+ * ` Github\Client::AUTH_JWT `
2223
23- The required value of ` $password ` depends on the chosen ` $method ` . For the ` Github\Client::AUTH_*_TOKEN ` methods,
24- you should provide the API token in ` $username ` variable (` $password ` is omitted in this particular case). For the
24+ The required value of ` $password ` depends on the chosen ` $method ` . For ` Github\Client::AUTH_URL_TOKEN ` ,
25+ ` Github\Client::AUTH_HTTP_TOKEN ` and ` Github\Client::JWT ` methods you should provide the API token in
26+ ` $username ` variable (` $password ` is omitted in this particular case). For the
2527` Github\Client::AUTH_HTTP_PASSWORD ` , you should provide the password of the account. When using ` Github\Client::AUTH_URL_CLIENT_ID `
2628` $usernameOrToken ` should contain your client ID, and ` $password ` should contain client secret.
2729
@@ -32,10 +34,37 @@ all further requests are done as the given user.
3234
3335The ` Github\Client::AUTH_URL_TOKEN ` authentication method sends the API token in URL parameters.
3436The ` Github\Client::AUTH_URL_CLIENT_ID ` authentication method sends the client ID and secret in URL parameters.
35- The ` Github_Client::AUTH_HTTP_* ` authentication methods send their values to GitHub using HTTP Basic Authentication.
37+ The ` Github\Client::AUTH_HTTP_* ` authentication methods send their values to GitHub using HTTP Basic Authentication.
38+ The ` Github\Client::AUTH_JWT ` authentication method sends the specified JSON Web Token in an Authorization header.
3639
3740` Github\Client::AUTH_URL_TOKEN ` used to be the only available authentication method. To prevent existing applications
3841from changing their behavior in case of an API upgrade, this method is chosen as the default for this API implementation.
3942
4043Note however that GitHub describes this method as deprecated. In most case you should use the
4144` Github\Client::AUTH_HTTP_TOKEN ` instead.
45+
46+ ### Authenticating as an Integration
47+
48+ To authenticate as an integration you need to supply a JSON Web Token with ` Github\Client::AUTH_JWT ` to request
49+ and installation access token which is then usable with ` Github\Client::AUTH_HTTP_TOKEN ` . [ Github´s integration
50+ authentication docs] ( https://developer.github.com/early-access/integrations/authentication/ ) describe the flow in detail.
51+ It´s important for integration requests to use the custom Accept header ` application/vnd.github.machine-man-preview ` .
52+
53+ The following sample code authenticates as an installation using [ lcobucci/jwt] ( https://github.com/lcobucci/jwt/tree/3.2.0 )
54+ to generate a JSON Web Token (JWT).
55+
56+ ``` php
57+ $github = new Github\Client(new GuzzleClient(), 'machine-man-preview');
58+
59+ $jwt = (new Builder)
60+ ->setIssuer($integrationId)
61+ ->setIssuedAt(time())
62+ ->setExpiration(time() + 60)
63+ ->sign(new Sha256(), (new Keychain)->getPrivateKey($pemPrivateKeyPath))
64+ ->getToken();
65+
66+ $github->authenticate($jwt, null, Github\Client::AUTH_JWT);
67+
68+ $token = $github->api('installations')->createAccessToken($installationId);
69+ $github->authenticate($token['token'], null, Github\Client::AUTH_HTTP_TOKEN);
70+ ```
0 commit comments