Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to get the installation token? #1003

Open
jescalan opened this issue Sep 3, 2019 · 7 comments

Comments

@jescalan
Copy link

commented Sep 3, 2019

I have been banging my head against this for quite a while and I feel like perhaps someone else may know the answer. I need to get an installation token in order to be able to clone down repo code and run static analysis on the files as demonstrated in this guide. However, I just cannot figure out how to get the installation token. What I am trying right now is:

context.github.apps
      .createInstallationToken({ installation_id: context.payload.installation.id })
      .then(console.log)
      .catch(console.error)

However, every time, I get a 401 error about a JWT being unable to be decoded. From poking around here it seems like other people see this when their private key isn't correct, but the test check I wrote is working, I have double checked that it key is correct, I regenerated it, and I tried both adding the key as an env variable and including it directly in the folder. I'm not sure it is actually a private key issue.

What's even more pathetic is that I can see clearly in the debug logs that probot itself is making the same request which is returning successfully when it starts up. However, I can't find a spot where that request is being made in the probot source code, nor have I been able to mine a working installation token off any off the app or context objects.

Help?!

@welcome

This comment has been minimized.

Copy link

commented Sep 3, 2019

Thanks for opening this issue. A contributor should be by to give feedback soon. In the meantime, please check out the contributing guidelines and explore other ways you can get involved.

@issue-label-bot

This comment has been minimized.

Copy link

commented Sep 3, 2019

Issue-Label Bot is automatically applying the label question ❓ to this issue, with a confidence of 0.95. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

@gr2m

This comment has been minimized.

Copy link
Contributor

commented Sep 3, 2019

There is no simple way to do this today, it is however a usecase I want to cover with the next Probot version.

I know others where asking for this before and found some way around it, but I cannot recall exactly how they did :( If you search through past issues then I hope you can find it, or maybe someone else here remembers and can point you to the right place.

For the time being, if you have access to the private key at the place where you need the installation token, you could use the @octokit/auth-app package to retrieve an installation token. That's what we are going to use for Probot in the next version, too.

Hope that helps 🙏

@JasonEtco

This comment has been minimized.

Copy link
Member

commented Sep 3, 2019

👋 The trick here is to use the app's authentication to get the installation token. context.github is authenticated specifically to make requests on behalf of an installation, so it doesn't have permission to do things like create new installation tokens.

app.on('event', async context => {
  const github = await app.auth() // Not passing an id returns a JWT-authenticated client
  const token = await github.apps.createInstallationToken({ installation_id: context.payload.installation.id })
})
@gr2m

This comment has been minimized.

Copy link
Contributor

commented Sep 3, 2019

☝️ Thanks Jason, that was it :) 👆

It's gonna get easier soon! With @octokit/auth-app the correct authentication header gets set automagically based on the request URL 🙌

@jescalan

This comment has been minimized.

Copy link
Author

commented Sep 3, 2019

Amazing, thanks so much! Maybe I'm living in a bubble, but code analysis for PRs feels like a really big use case for probot - do you think it might be worth adding this somewhere in the docs? Would be happy to make a pull request to do so if it would be helpful.

@gr2m

This comment has been minimized.

Copy link
Contributor

commented Sep 3, 2019

I think using the installation access token for git operations is probably not a primary use case for probot, but the questions on how to retrieve token keeps coming up, so if we don't have it in the docs yet, let's add it 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.