feat: use @octokit/auth for authentication strategies, deprecate previous auth options

Author: gr2m

index.js

@@ -1,9 +1,9 @@
 const Octokit = require("./lib/core");
 
 const CORE_PLUGINS = [
-  require("./plugins/log"),
-  require("./plugins/authentication-deprecated"), // deprecated: remove in v17
   require("./plugins/authentication"),
+  require("./plugins/authentication-deprecated"), // deprecated: remove in v17
+  require("./plugins/log"),
   require("./plugins/pagination"),
   require("./plugins/register-endpoints"),
   require("./plugins/rest-api-endpoints"),

plugins/authentication/before-request.js

@@ -7,18 +7,6 @@ const withAuthorizationPrefix = require("./with-authorization-prefix");
 function authenticationBeforeRequest(state, options) {
   if (typeof state.auth === "string") {
     options.headers.authorization = withAuthorizationPrefix(state.auth);
-
-    // https://developer.github.com/v3/previews/#integrations
-    if (
-      /^bearer /i.test(state.auth) &&
-      !/machine-man/.test(options.headers.accept)
-    ) {
-      const acceptHeaders = options.headers.accept
-        .split(",")
-        .concat("application/vnd.github.machine-man-preview+json");
-      options.headers.accept = acceptHeaders.filter(Boolean).join(",");
-    }
-
     return;
   }
 

plugins/authentication/index.js

@@ -1,14 +1,69 @@
 module.exports = authenticationPlugin;
 
+const { createTokenAuth } = require("@octokit/auth-token");
+const { Deprecation } = require("deprecation");
+const once = require("once");
+
 const beforeRequest = require("./before-request");
 const requestError = require("./request-error");
 const validate = require("./validate");
+const withAuthorizationPrefix = require("./with-authorization-prefix");
+
+const deprecateAuthBasic = once((log, deprecation) => log.warn(deprecation));
+const deprecateAuthObject = once((log, deprecation) => log.warn(deprecation));
 
 function authenticationPlugin(octokit, options) {
+  // If `options.authStrategy` is set then use it and pass in `options.auth`
+  if (options.authStrategy) {
+    const auth = options.authStrategy(options.auth);
+    octokit.hook.wrap("request", auth.hook);
+    octokit.auth = auth;
+    return;
+  }
+
+  // If neither `options.authStrategy` nor `options.auth` are set, the `octokit` instance
+  // is unauthenticated. The `octokit.auth()` method is a no-op and no request hook is registred.
   if (!options.auth) {
+    octokit.auth = () =>
+      Promise.resolve({
+        type: "unauthenticated"
+      });
     return;
   }
 
+  const isBasicAuthString =
+    typeof options.auth === "string" &&
+    /^basic/.test(withAuthorizationPrefix(options.auth));
+
+  // If only `options.auth` is set to a string, use the default token authentication strategy.
+  if (typeof options.auth === "string" && !isBasicAuthString) {
+    const auth = createTokenAuth(options.auth);
+    octokit.hook.wrap("request", auth.hook);
+    octokit.auth = auth;
+    return;
+  }
+
+  // Otherwise log a deprecation message
+  const [deprecationMethod, deprecationMessapge] = isBasicAuthString
+    ? [
+        deprecateAuthBasic,
+        'Setting the "new Octokit({ auth })" option to a Basic Auth string is deprecated. Use https://github.com/octokit/auth-basic.js instead. See (https://octokit.github.io/rest.js/#authentication)'
+      ]
+    : [
+        deprecateAuthObject,
+        'Setting the "new Octokit({ auth })" option to an object without also setting the "authStrategy" option is deprecated and will be removed in v17. See (https://octokit.github.io/rest.js/#authentication)'
+      ];
+  deprecationMethod(
+    octokit.log,
+    new Deprecation("[@octokit/rest] " + deprecationMessapge)
+  );
+
+  octokit.auth = () =>
+    Promise.resolve({
+      type: "deprecated",
+      message: deprecationMessapge
+    });
+
   validate(options.auth);
 
   const state = {