'Store oauth token as a github secret

I use the R package httr to authenticate myself at an oauth endpoint (strava) using oauth_endpoint(), oauth_app() and oauth2.0_token() (Step 1).

# Step 1: Genrate oauth token

strava_endpoint <- oauth_endpoint(
  request = NULL,
  authorize = "authorize", 
  access = "token",
  base_url = "https://www.strava.com/api/v3/oauth/"
)

myapp <- oauth_app(
  "strava", 
  key = 0000000,        # <- my key
  secret = "mysecret"   # <- my secret
)

mytok <- oauth2.0_token(
  endpoint = strava_endpoint, 
  app = myapp,
  scope = c("activity:read_all"),
  cache = TRUE
)

This last function requires me to authenticate via browser and permit the requested scope, which is then cached as a token .httr-oauth. After doing this once, I can use this token file with readRDS() to use GET() via the strava API (Step 2)

# Step 2: Use the file ".httr-oauth" got use the API (GET)
mytok <- readRDS(".httr-oauth")[[1]]

GET("https://www.strava.com/api/v3/athlete", config(token = mytok))

Response [https://www.strava.com/api/v3/athlete]
  Date: 2022-03-09 07:53
  Status: 200
  Content-Type: application/json; charset=utf-8
  Size: 650 B

This works fine locally. However, I would like to pass this token to a github action to GET() on my behalf. In other words, I want to do Step 1 locally and use the generated token (file .httr-oauth) in a Github Action (Step 2)

But, since this token is a secret and should be added to .gitignore, I don't know how to authenticate the github action.

I thought I could add .httr-oauth as a github secret, but it seems to be an encrypted file.

Is there a different way to authorize a github action to GET() my data via an API (e.g. strava)?

roauthgithub-actionshttr


Solution 1:[1]

but it seems to be an encrypted file.

The "Using encrypted secrets in a workflow" shows you should be able to retrieve the value of that secret:

steps:
  - name: Hello world action
    with: # Set the secret as an input
      super_secret: ${{ secrets.SuperSecret }}
    env: # Or as an environment variable
      super_secret: ${{ secrets.SuperSecret }}

It is then a variable (or environment variable), with its value (not encrypted) you can use in the rest of your workflow.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 VonC

Related Questions

R - Gamma distribution - Linear Mixed-Effects Model - lmer/glmer errors

R - Gamma distribution - Linear Mixed-Effects Model - lmer/glmer errors

R - Gamma distribution - Linear Mixed-Effects Model - lmer/glmer errors

R - Gamma distribution - Linear Mixed-Effects Model - lmer/glmer errors

Error when using DiceKriging function km: 'Error in t.default(T) : argument is not a matrix'

How to connect SQL Server with Rstudio?

[Shiny]: Add link to another tabPanel in another tabPanel

Calculate correlation with cor(), only for numerical columns

Trying to be benchmark dplyr vs data.table

Does a plug-in selector bivariate kernel density estimator with weights exist for python?

predict() and resid() for lavaan.survey

python(or numpy) equivalent of match in R

ggplot2: fill color behaviour of geom_ribbon

Grouped bar plot in ggplot

How to reactively change title of ShinyDashboard box in R?