🪲 [Fix]: Fix an issue where use of ClientID would trigger App login flow

README.md

@@ -131,6 +131,16 @@ Connect-GitHubAccount -Host 'https://msx.ghe.com'
 ✓ Logged in as octocat!
 ```
 
+#### Using a different GitHub App for issuing User access tokens
+
+Instead of using our default GitHub App, you can use a different GitHub App to issue user access tokens.
+You can use the `-ClientID` parameters to specify the app you want to use.
+
+```powershell
+Connect-GitHubAccount -Host 'https://msx.ghe.com' -ClientID 'lv123456789'
+✓ Logged in as octocat!
+```
+
 ### Command Exploration
 
 Familiarize yourself with the available cmdlets using the module's comprehensive documentation or inline help.

src/functions/private/Config/Reset-GitHubConfig.ps1

@@ -33,8 +33,11 @@
                 AccessToken                = [securestring]::new()
                 AccessTokenExpirationDate  = [datetime]::MinValue
                 AccessTokenType            = ''
+                AuthClientID               = $null
                 AuthType                   = ''
+                ClientID                   = ''
                 DeviceFlowType             = ''
+                HostName                   = ''
                 RefreshToken               = [securestring]::new()
                 RefreshTokenExpirationDate = [datetime]::MinValue
                 Scope                      = ''
@@ -47,8 +50,11 @@
                 AccessTokenType            = ''
                 ApiBaseUri                 = 'https://api.github.com'
                 ApiVersion                 = '2022-11-28'
+                AuthClientID               = $null
                 AuthType                   = ''
+                ClientID                   = ''
                 DeviceFlowType             = ''
+                HostName                   = ''
                 Owner                      = ''
                 RefreshToken               = [securestring]::new()
                 RefreshTokenExpirationDate = [datetime]::MinValue

src/functions/public/API/Invoke-GitHubAPI.ps1

@@ -136,6 +136,8 @@
     }
 
     try {
+        Write-Verbose "Calling GitHub API with the following parameters:"
+        Write-Verbose ($APICall | ConvertFrom-HashTable | Format-List | Out-String)
         Invoke-RestMethod @APICall | ForEach-Object {
             $statusCode = $APICallStatusCode | ConvertTo-Json -Depth 100 | ConvertFrom-Json
             $responseHeaders = $APICallResponseHeaders | ConvertTo-Json -Depth 100 | ConvertFrom-Json

src/functions/public/Auth/Connect-GitHubAccount.ps1

@@ -80,15 +80,15 @@
         [Alias('PAT')]
         [switch] $AccessToken,
 
-        # The client ID for the GitHub App.
+        # The client ID for the GitHub App to use for authentication.
+        [Parameter(ParameterSetName = 'UAT')]
         [Parameter(
             Mandatory,
             ParameterSetName = 'App'
         )]
-        [Parameter(ParameterSetName = 'UAT')]
         [string] $ClientID,
 
-        # The private key for the GitHub App.
+        # The private key for the GitHub App when authenticating as a GitHub App.
         [Parameter(
             Mandatory,
             ParameterSetName = 'App'
@@ -135,12 +135,12 @@
     Write-Debug "GitHub token: [$gitHubToken]"
     $gitHubTokenPresent = $gitHubToken.count -gt 0 -and -not [string]::IsNullOrEmpty($gitHubToken)
     Write-Debug "GitHub token present: [$gitHubTokenPresent]"
-    $AuthType = if ($gitHubTokenPresent) { 'sPAT' } else { $PSCmdlet.ParameterSetName }
+    $AuthType = if ($gitHubTokenPresent) { 'IAT' } else { $PSCmdlet.ParameterSetName }
     Write-Verbose "AuthType: [$AuthType]"
     switch ($AuthType) {
         'UAT' {
             Write-Verbose 'Logging in using device flow...'
-            $authClientID = $ClientID ?? $script:Auth.$Mode.ClientID
+            $authClientID = $ClientID ?? (Get-GitHubConfig -Name 'AuthClientID') ?? $script:Auth.$Mode.ClientID
             if ($Mode -ne (Get-GitHubConfig -Name 'DeviceFlowType' -ErrorAction SilentlyContinue)) {
                 Write-Verbose "Using $Mode authentication..."
                 $tokenResponse = Invoke-GitHubDeviceFlowLogin -ClientID $authClientID -Scope $Scope -HostName $HostName
@@ -189,8 +189,10 @@
                         AccessTokenType            = $tokenResponse.access_token -replace '_.*$', '_*'
                         ApiBaseUri                 = $ApiBaseUri
                         ApiVersion                 = $ApiVersion
+                        AuthClientID               = $authClientID
                         AuthType                   = $AuthType
                         DeviceFlowType             = $Mode
+                        HostName                   = $HostName
                         RefreshToken               = ConvertTo-SecureString -AsPlainText $tokenResponse.refresh_token
                         RefreshTokenExpirationDate = (Get-Date).AddSeconds($tokenResponse.refresh_token_expires_in)
                         Scope                      = $tokenResponse.scope
@@ -202,8 +204,10 @@
                         AccessTokenType = $tokenResponse.access_token -replace '_.*$', '_*'
                         ApiBaseUri      = $ApiBaseUri
                         ApiVersion      = $ApiVersion
+                        AuthClientID    = $authClientID
                         AuthType        = $AuthType
                         DeviceFlowType  = $Mode
+                        HostName        = $HostName
                         Scope           = $tokenResponse.scope
                     }
                 }
@@ -228,24 +232,27 @@
                 ApiBaseUri      = $ApiBaseUri
                 ApiVersion      = $ApiVersion
                 AuthType        = $AuthType
+                HostName        = $HostName
             }
             Set-GitHubConfig @settings
             break
         }
         'App' {
             Write-Verbose 'Logging in as a GitHub App...'
             Reset-GitHubConfig -Scope 'Auth'
-            $jwt = Get-GitHubAppJWT -ClientID $ClientID -PrivateKey $PrivateKey
+            $jwt = Get-GitHubAppJWT -ClientId $ClientID -PrivateKey $PrivateKey
             $settings = @{
                 AccessToken     = ConvertTo-SecureString -AsPlainText $jwt
                 AccessTokenType = 'JWT'
                 ApiBaseUri      = $ApiBaseUri
                 ApiVersion      = $ApiVersion
                 AuthType        = $AuthType
+                ClientID        = $ClientID
+                HostName        = $HostName
             }
             Set-GitHubConfig @settings
         }
-        'sPAT' {
+        'IAT' {
             Write-Verbose 'Logging in using GitHub access token...'
             Reset-GitHubConfig -Scope 'Auth'
             $prefix = $gitHubToken -replace '_.*$', '_*'
@@ -254,7 +261,9 @@
                 AccessTokenType = $prefix
                 ApiBaseUri      = $ApiBaseUri
                 ApiVersion      = $ApiVersion
-                AuthType        = 'sPAT'
+                AuthType        = 'IAT'
+                ClientID        = $ClientID
+                HostName        = $HostName
             }
             Set-GitHubConfig @settings
         }
@@ -265,7 +274,7 @@
             $app = Get-GitHubApp
             $username = $app.slug
         }
-        'sPAT' {
+        'IAT' {
             $username = 'system'
         }
         default {

src/functions/public/Config/Get-GitHubConfig.ps1

@@ -21,22 +21,25 @@ function Get-GitHubConfig {
         # Choose a configuration name to get.
         [Parameter()]
         [ValidateSet(
+            'All',
             'AccessToken',
             'AccessTokenExpirationDate',
             'AccessTokenType',
             'ApiBaseUri',
             'ApiVersion',
+            'AuthClientID',
             'AuthType',
+            'ClientID',
             'DeviceFlowType',
+            'HostName',
             'Owner',
             'RefreshToken',
             'RefreshTokenExpirationDate',
             'Repo',
+            'Scope',
             'SecretVaultName',
             'SecretVaultType',
-            'Scope',
-            'UserName',
-            'All'
+            'UserName'
         )]
         [string] $Name = 'All'
     )

src/functions/public/Config/Set-GitHubConfig.ps1

@@ -41,14 +41,24 @@ function Set-GitHubConfig {
         [Parameter()]
         [string] $ApiVersion,
 
+        # Set the authentication client ID.
+        [Parameter()]
+        [string] $AuthClientID,
+
         # Set the authentication type.
         [Parameter()]
         [string] $AuthType,
 
+        # Set the client ID.
+        [string] $ClientID,
+
         # Set the device flow type.
         [Parameter()]
         [string] $DeviceFlowType,
 
+        # Set the API hostname.
+        [string] $HostName,
+
         # Set the default for the Owner parameter.
         [Parameter()]
         [string] $Owner,
@@ -90,15 +100,18 @@ function Set-GitHubConfig {
         AccessTokenType            = $AccessTokenType
         ApiBaseUri                 = $ApiBaseUri
         ApiVersion                 = $ApiVersion
+        AuthClientID               = $AuthClientID
         AuthType                   = $AuthType
+        ClientID                   = $ClientID
         DeviceFlowType             = $DeviceFlowType
+        HostName                   = $HostName
         Owner                      = $Owner
         "$prefix`RefreshToken"     = $RefreshToken
         RefreshTokenExpirationDate = $RefreshTokenExpirationDate
         Repo                       = $Repo
+        Scope                      = $Scope
         SecretVaultName            = $SecretVaultName
         SecretVaultType            = $SecretVaultType
-        Scope                      = $Scope
         UserName                   = $UserName
     }