fix(auth.hook): authenticate as app if code strategy option is not set (#45)

Author: gr2m

src/hook.ts

@@ -28,7 +28,7 @@ export async function hook(
     return request(endpoint);
   }
 
-  if (requiresBasicAuth(endpoint.url)) {
+  if (!state.code || requiresBasicAuth(endpoint.url)) {
     const credentials = btoa(`${state.clientId}:${state.clientSecret}`);
     endpoint.headers.authorization = `basic ${credentials}`;
 

test/index.test.ts

@@ -223,7 +223,7 @@ test("test with request instance that has custom baseUrl (GHE)", async () => {
   });
 });
 
-test("auth.hook() creates token and uses it for succeeding requests", async () => {
+test("auth.hook() creates token and uses it for succeeding requests (if code option was set)", async () => {
   const mock = fetchMock
     .sandbox()
     .postOnce("https://github.com/login/oauth/access_token", {
@@ -268,6 +268,39 @@ test("auth.hook() creates token and uses it for succeeding requests", async () =
   expect(mock.done()).toBe(true);
 });
 
+test("auth.hook() does not attempt to create token if code option was not set", async () => {
+  const mock = fetchMock.sandbox().get(
+    "https://api.github.com/repos/octocat/hello-world",
+    { id: 123 },
+    {
+      headers: {
+        authorization: "basic MTIzOnNlY3JldA==" // btoa('123:secret')
+      }
+    }
+  );
+
+  const auth = createOAuthAppAuth({
+    clientId: "123",
+    clientSecret: "secret"
+  });
+
+  const requestWithAuth = request
+    .defaults({
+      request: {
+        fetch: mock
+      }
+    })
+    .defaults({
+      request: {
+        hook: auth.hook
+      }
+    });
+
+  await requestWithAuth("GET /repos/octocat/hello-world");
+
+  expect(mock.done()).toBe(true);
+});
+
 test("auth.hook(request, 'POST https://github.com/login/oauth/access_token') does not send request twice (#35)", async () => {
   const mock = fetchMock
     .sandbox()