GitHub Copilot API

OAuth2 Device Flow implementation for GitHub Copilot.

Functions

InitiateDeviceFlow / initiate_device_flow

Initiates the OAuth device authorization flow.

Returns: Device code response containing: - device_code: Device verification code - user_code: User-friendly code to display - verification_uri: URL for user authorization - expires_in: Code expiration time (seconds) - interval: Polling interval (seconds)

GoPythonTypeScript

func InitiateDeviceFlow(ctx context.Context) (*DeviceCodeResponse, error)

async def initiate_device_flow() -> DeviceCode

async function initiateDeviceFlow(): Promise<DeviceCode>

Example:

GoPythonTypeScript

ctx := context.Background()
deviceCode, err := copilot.InitiateDeviceFlow(ctx)
if err != nil {
    log.Fatal(err)
}
fmt.Printf("Visit: %s\n", deviceCode.VerificationURI)
fmt.Printf("Code: %s\n", deviceCode.UserCode)

device_code = await initiate_device_flow()
print(f"Visit: {device_code.verification_uri}")
print(f"Code: {device_code.user_code}")

const deviceCode = await initiateDeviceFlow();
console.log(`Visit: ${deviceCode.verificationUri}`);
console.log(`Code: ${deviceCode.userCode}`);

---

PollForToken / poll_for_token

Polls for access token after user authorization.

Parameters: - device_code: Device code from initiation - on_success: Optional callback on successful authentication

Returns: Access token

GoPythonTypeScript

func PollForToken(ctx context.Context, deviceCode *DeviceCodeResponse, 
                  onSuccess func(*Token)) (*Token, error)

async def poll_for_token(device_code: DeviceCode, 
                        on_success: Optional[Callable] = None) -> Token

async function pollForToken(deviceCode: DeviceCode, 
                           onSuccess?: (token: Token) => void): Promise<Token>

Behavior: - Polls every interval seconds - Handles authorization_pending automatically - Increases interval by 5s on slow_down error - Calls on_success callback when complete

---

ReadTokenFromDisk / read_token_from_disk

Reads cached token from official Copilot client.

Returns: Cached token if available

GoPythonTypeScript

func ReadTokenFromDisk() (*Token, error)

def read_token_from_disk() -> Token

function readTokenFromDisk(): Token

Cache Locations: - macOS: ~/Library/Application Support/github-copilot/hosts.json - Linux: ~/.config/github-copilot/hosts.json - Windows: %APPDATA%\github-copilot\hosts.json

---

NewClient / Client

Creates HTTP client with X-Initiator header injection.

GoPythonTypeScript

func NewClient() *http.Client

client = Client()
response = client.get("https://api.github.com/...")

const client = createClient();
const response = await client.get("https://api.github.com/...");

Constants

Name	Value	Description
ClientID	Iv1.b507a08c87ecfe98	GitHub Copilot client ID
DeviceCodeURL	https://github.com/login/device/code	Device code endpoint
AccessTokenURL	https://github.com/login/oauth/access_token	Token exchange endpoint

Error Handling

Common errors:

• authorization_pending: User hasn't authorized yet (retry)
• slow_down: Polling too fast (increase interval)
• expired_token: Device code expired (restart flow)
• access_denied: User denied authorization