How to test a GitHub access token is valid?

15819

I have a bunch of GitHub access token which I have created over a period of time, Is there any quick endpoint available where I can test whether or not the token is Valid?

1 Answer

5 years ago by

Following endpoint from GitHub shows issues created by the user (the user who generated the token)

https://api.github.com/user/issues

So you can use the following curl to test whether or not a particular token is valid

curl -v -H "Authorization: token <your token>" https://api.github.com/user/issues

If it's a valid token you get 200 status code else you get 403. Following is what you get with an invalid token

$ curl -v -H "Authorization: token an_invalid_token" https://api.github.com/user/issues
*   Trying 13.233.76.15...
* TCP_NODELAY set
* Connected to api.github.com (13.233.76.15) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
*  start date: Jul  8 00:00:00 2019 GMT
*  expire date: Jul 16 12:00:00 2020 GMT
*  subjectAltName: host "api.github.com" matched cert's "*.github.com"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
*  SSL certificate verify ok.
> GET /user/issues HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.54.0
> Accept: */*
> Authorization: token an_invalid_token
> 
< HTTP/1.1 401 Unauthorized
< Date: Mon, 19 Aug 2019 16:42:30 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 93
< Server: GitHub.com
< Status: 401 Unauthorized
< X-GitHub-Media-Type: github.v3; format=json
< X-RateLimit-Limit: 60
< X-RateLimit-Remaining: 59
< X-RateLimit-Reset: 1566236550
< Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Content-Security-Policy: default-src 'none'
< X-GitHub-Request-Id: 04FB:47C9:3728:49B0:5D5AD176
< 
{
  "message": "Bad credentials",
  "documentation_url": "https://developer.github.com/v3"
}
* Connection #0 to host api.github.com left intact```
5 years ago by Karthik Divi