request.js: Request an access token failed with a 406 Not Acceptable error
octokit.request('POST https://github.com/login/oauth/access_token', {
client_id: 'xxx',
client_secret: 'xxx',
code: 'xxx'
});
but got:
{ HttpError
at response.text.then.message (/usr/src/app/node_modules/@octokit/request/dist-node/index.js:66:23)
at process._tickCallback (internal/process/next_tick.js:68:7)
name: 'HttpError',
status: 406,
headers:
{ 'cache-control': 'no-cache',
connection: 'close',
'content-security-policy':
'default-src \'none\'; base-uri \'self\'; block-all-mixed-content; connect-src \'self\' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com wss://live.github.com; font-src github.githubassets.com; form-action \'self\' github.com gist.github.com; frame-ancestors \'none\'; frame-src render.githubusercontent.com; img-src \'self\' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src \'self\'; media-src \'none\'; script-src github.githubassets.com; style-src \'unsafe-inline\' github.githubassets.com',
'content-type': 'text/html',
date: 'Mon, 05 Aug 2019 09:45:17 GMT',
'expect-ct':
'max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'GitHub.com',
'set-cookie':
'has_recent_activity=1; path=/; expires=Mon, 05 Aug 2019 10:45:17 -0000, ignored_unsupported_browser_notice=false; path=/',
status: '406 Not Acceptable',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
'transfer-encoding': 'chunked',
vary: 'X-PJAX',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-request-id': 'D9D4:CE13:12F09C0:1D5FA50:5D47FAAD',
'x-request-id': '238cdf6e-28ac-4d06-8a9f-00ff204ceedc',
'x-xss-protection': '1; mode=block' },
request:
{ method: 'POST',
url: 'https://github.com/login/oauth/access_token',
headers:
{ accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit.js/16.28.7 Node.js/10.16.0 (Linux 4.9; x64)',
'content-type': 'application/json; charset=utf-8' },
body:
'{"client_id":"xxx","client_secret":"xxx","code":"xxx"}',
request: { hook: [Function: bound bound register] } } }
Not sure what I am doing wrong
About this issue
- Original URL
- State: closed
- Created 5 years ago
- Comments: 15 (5 by maintainers)
The docs are being updated, the preview message will be removed. Thanks again Bogdan!
@klichukb
This is a defect, and you should see updated docs in the next 24 hours! The
machine-manpreview is only needed when using theGET /user/installationsandGET /user/installations/:installation_id/repositoriesendpoints listed on that page.Yes, that is correct. Only expiring tokens are in beta. Everything else is production-ready. We are trying to clarify in our docs what the beta applies to. This is great feedback to hear and we’ll use it to improve the experience around documenting beta features.
As far as I understand it, yes. Only the expiring tokens are new, the rest has been around for years
Has anyone contacted support about this? https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps/ Why do they have a warning and a “preview” header requirement above the “/login/oauth/access_token” endpoint?
I’ve just run into this myself while working on https://github.com/octokit/auth-oauth-app.js (would appreciate if you could give it a try!)
https://github.com/login/oauth/access_tokenis not part of the REST API so it does not know what to do with theaccept: 'application/vnd.github.v3+json'header which@octokit/requestsets by default.Could you pass a custom accept header to the request?
That should work