Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GitHub App Authentication #16

Merged
merged 16 commits into from
Jan 23, 2025
Merged

GitHub App Authentication #16

merged 16 commits into from
Jan 23, 2025

Conversation

GrantBirki
Copy link
Contributor

@GrantBirki GrantBirki commented Jul 30, 2024
edited
Loading

GitHub App Authentication (starter)

This pull request adds the very base logic to this library to authenticate a GitHub app.

Example

Now you can run:

require "octokit"
require "jwt"
require "openssl"

# A helper function for encoding JWTs
# :param client_id [String] the client ID of the GitHub App
# :param private_key_path [String] the path to the private key file for the GitHub App
# :return [String] the encoded JWT
def encode(client_id : String, private_key_path : String) : String
  private_pem = File.read(private_key_path)
  private_key = OpenSSL::PKey::RSA.new(private_pem).to_pem

  payload = {
    "iss" => client_id,
    "exp" => Time.utc.to_unix + (10 * 60), # 10 minutes from now
    "iat" => Time.utc.to_unix - 60,        # to account for clock drift
  }

  JWT.encode(payload, private_key, JWT::Algorithm::RS256)
end

jwt = encode("client_id_here", "./path/to/private-key.pem")

# Create a new Octokit Client using the jwt
github = Octokit.client(bearer_token: jwt)
github.auto_paginate = true
github.per_page = 100

options = {headers: {authorization: "Bearer #{github.bearer_token}"}}

installations = JSON.parse(github.find_installations(**options).records.to_json)

first_installation = installations[0]
installation_id = first_installation["id"].to_s.to_i

puts "First Installation ID: #{installation_id}"

token = github.create_app_installation_access_token(installation_id, **options)

puts "Token: #{token}"

Result:

$ crystal run tmp/test.cr
First Installation ID: 12345678
Token: {"token":"<redacted>","expires_at":"2024-07-30T22:38:50Z","permissions":{"contents":"read","issues":"write","metadata":"read"},"repository_selection":"selected"}

@GrantBirki GrantBirki added the enhancement New feature or request label Jul 30, 2024
@GrantBirki GrantBirki self-assigned this Jul 30, 2024
@GrantBirki GrantBirki marked this pull request as ready for review July 30, 2024 21:45
@GrantBirki GrantBirki requested a review from watzon as a code owner July 30, 2024 21:45
@GrantBirki
Copy link
Contributor Author

@watzon let me know what you think here. This is by no means a full implementation of client/apps but its a start with a few working methods.

@GrantBirki GrantBirki closed this Jan 17, 2025
@GrantBirki GrantBirki deleted the github-app-auth branch January 17, 2025 07:51
@GrantBirki GrantBirki restored the github-app-auth branch January 18, 2025 19:10
@GrantBirki
Copy link
Contributor Author

Related: https://gist.github.com/GrantBirki/450213036f8eed204d45a348d32d3e39

@GrantBirki GrantBirki reopened this Jan 23, 2025
@GrantBirki
Copy link
Contributor Author

Example implementation can be found in the examples/github_app_authentication/ dir

@GrantBirki GrantBirki merged commit b296864 into main Jan 23, 2025
3 checks passed
@GrantBirki GrantBirki deleted the github-app-auth branch January 23, 2025 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@watzon watzon Awaiting requested review from watzon watzon is a code owner

Assignees

@GrantBirki GrantBirki

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@GrantBirki