-
-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide a common way to generate JWT #71
Comments
I would be open to it. Reading the requirements for a GitHub app, the authentication bit is always the one that makes just go back to OAuth. 😁 |
@brettcannon It's not that hard in the end, actually. I've got some working code as well 1 - it's not very pretty though (design by evolution). Briefly, the authentication with Github Apps starts with the signing key and the app ID. Using those you can create a JWT, which you use in the API to obtain the normal bearer token. Since an Github App is expected to have many installations (numeric id), you need one token for each installation, each good for 7 hours at a time. In my case, I maintain a cache of those tokens (or GithubAPI objects) that when accessed creates and updates the token / GithubAPI object as needed. My assumption is that I'll never hold the GithubAPI object for more than an hour. And even if so, the auth failure won't be the biggest thing going wrong... A cleaner solution would be teaching GithubAPI (or a subclass) to obtain and renew the bearer token internally. It'd need the installation ID, application ID and application key instead of the bearer token in the constructor. Importing PyJWT late would keep the dependency optional. |
- add get_jwt - add get_installation_access_token - add PyJWT and cryptography dependencies, needed to construct JWT Hoping for inclusion in 4.1.0 Closes gidgethub#71
- add get_jwt - add get_installation_access_token - add PyJWT and cryptography dependencies, needed to construct JWT Hoping for inclusion in 4.1.0 Closes gidgethub#71
- add get_jwt - add get_installation_access_token - add PyJWT and cryptography dependencies, needed to construct JWT Hoping for inclusion in 4.1.0 Closes gidgethub#71
Adding utility functions for GitHub App - add gidgethub.apps - add get_jwt - add get_installation_access_token - add PyJWT and cryptography dependencies, needed to construct JWT - docs and tests Closes #71 Co-authored-by: Brett Cannon <brett@python.org>
When building GitHub Apps, we need to generate a JWT.
I have an example implementation here using PyJWT, but I guess other library can work too.
https://github.com/Mariatta/gh_app_demo/blob/3dfa909866d5aa6f247b6801895a8efa7d0f3275/__main__.py#L10-L24
Perhaps this is a utility and convenient function that gidgethub can provide. (related to #67 )
The text was updated successfully, but these errors were encountered: