OAuth with Python and Google/GitHub

I’m trying to get OAuth setup for my desktop python program, but I have no idea what I’m doing.

The reason I’m even trying to get OAuth working is because I want to try and prevent the rate limit from being hit when users query my repo’s releases. It’s currently at 60 per minute.

I started with Google OAuth, but it’s not working. Is it even supposed to work? The token doesn’t doesn’t seem to take (I get a 401 error in the response):

	flow = InstalledAppFlow.from_client_secrets_file(
		'client_secret.json',
		['openid'])

	cred = flow.run_local_server()

	print(cred.token)

	releases_url = 'https://api.github.com/repos/Armada-Pipeline/armada-pipeline/releases'
	header = {'Authorization': 'token ' + cred.token}
	response = requests.get(releases_url, headers=header)
	json_data = json.loads(response.content)

Will this only work with a GitHub API OAuth token? Do I need to register an OAuth application in my organization? I looked into doing this, but due to my app being a desktop app I’m not sure what to put for my Callback URL or Homepage URL.

Any help is appreciated, thank you!

Hello @mikebourbeauart and welcome to the community.

Yes, requests to the GitHub API will only work anonymously or with a GitHub OAuth token.

On the other hand, when people connect to the API anonymously, the rate limiting is per IP address. Individual users shouldn’t have to check a single repository’s releases more than a few times per minute. Most repositories only make new releases very periodically :grinning:

Unless you have a bunch of users that are all hitting the API from the same IP address (for example, because they’re all behind a firewall that presents to the outside as one IP address), then you should be good unless I’m misunderstanding something?

So, do you really need to create an OAuth token for your users or can you work with the anonymous access rate limits?

Ahhh OK. That’s perfect then. Thanks for clearing that up!

1 Like