Provide a common way to generate JWT #71

Closed
Mariatta opened this issue Dec 4, 2018 · 2 comments · Fixed by #108
Comments

@Mariatta
Member

Mariatta commented Dec 4, 2018

When building GitHub Apps, we need to generate a JWT.

I have an example implementation here using PyJWT, but I guess other libraries can work too.
https://github.com/Mariatta/gh_app_demo/blob/3dfa909866d5aa6f247b6801895a8efa7d0f3275/__main__.py#L10-L24

Perhaps this is a utility and convenience function that gidgethub can provide. (Related to #67.)

@brettcannon
Collaborator

I would be open to it. Reading the requirements for a GitHub app, the authentication bit is always the one that makes me just go back to OAuth. 😁

@epruesse

@brettcannon It's not that hard in the end, actually. I've got some working code as well [1] - it's not very pretty though (design by evolution).

Briefly, the authentication with GitHub Apps starts with the signing key and the app ID. Using those you can create a JWT, which you use in the API to obtain the normal bearer token. Since a GitHub App is expected to have many installations (numeric id), you need one token for each installation, each good for 7 hours at a time.

In my case, I maintain a cache of those tokens (or GithubAPI objects) that when accessed creates and updates the token / GithubAPI object as needed. My assumption is that I'll never hold the GithubAPI object for more than an hour. And even if so, the auth failure won't be the biggest thing going wrong...

A cleaner solution would be teaching GithubAPI (or a subclass) to obtain and renew the bearer token internally. It'd need the installation ID, application ID and application key instead of the bearer token in the constructor. Importing PyJWT late would keep the dependency optional.
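
The per-installation token cache described in the comment above, as an added example that is not part of the thread or of gidgethub. It renews each token a safety margin before the `expires_at` timestamp returned with it instead of assuming a fixed lifetime. `InstallationTokenCache`, `parse_expiry` and `fetch` are hypothetical names; `fetch` stands for whatever code signs the app JWT and exchanges it for an installation token.

```python
import time
from datetime import datetime, timezone
from typing import Callable, Dict, Tuple

# Hypothetical callable: given an installation id, it creates the app JWT,
# exchanges it, and returns the API response as a dict with "token" and
# "expires_at" (ISO 8601, UTC) keys.
FetchToken = Callable[[int], dict]


def parse_expiry(expires_at: str) -> float:
    """Convert a timestamp such as 2020-04-19T12:00:00Z to epoch seconds."""
    parsed = datetime.strptime(expires_at, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc).timestamp()


class InstallationTokenCache:
    """Hand out installation tokens, renewing each one before it expires."""

    def __init__(self, fetch: FetchToken, margin: float = 300.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._fetch = fetch
        self._margin = margin  # renew this many seconds before expiry
        self._clock = clock    # injectable so the expiry logic can be tested
        self._tokens: Dict[int, Tuple[str, float]] = {}

    def get(self, installation_id: int) -> str:
        cached = self._tokens.get(installation_id)
        # Reuse a token only while it is safely outside the renewal window.
        if cached is not None and self._clock() < cached[1] - self._margin:
            return cached[0]
        response = self._fetch(installation_id)
        token = response["token"]
        self._tokens[installation_id] = (token, parse_expiry(response["expires_at"]))
        return token

    def invalidate(self, installation_id: int) -> None:
        """Drop a cached token, e.g. after the API rejects it with a 401."""
        self._tokens.pop(installation_id, None)
```

Tokens are kept in memory only and keyed by installation ID, so a token issued for one installation is never handed to a request for another.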

Mariatta added a commit to Mariatta/gidgethub that referenced this issue Mar 27, 2020
- add get_jwt
- add get_installation_access_token
- add PyJWT and cryptography dependencies, needed to construct JWT

Hoping for inclusion in 4.1.0

Closes gidgethub#71
Mariatta added a commit that referenced this issue Apr 19, 2020
Adding utility functions for GitHub App
- add gidgethub.apps
- add get_jwt
- add get_installation_access_token
- add PyJWT and cryptography dependencies, needed to construct JWT
- docs and tests

Closes #71

Co-authored-by: Brett Cannon <brett@python.org>