I am trying to do an app installation and have tried two different methods and cannot

Hi <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

Get <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

would you still like to work on it? I think <code class="notranslate

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

Cannot authenticate with token or use "installation" method about auth-app.js HOT 13 CLOSED

chopfitzroy commented on May 26, 2024

Cannot authenticate with token or use "installation" method

from auth-app.js.

Comments (13)

gr2m commented on May 26, 2024 3

Hi @chopfitzroy, I tried to reproduce the problems you created. I found one bug in your code, after fixing that it all works as expected. You need to change the authorization header prefix from token to bearer when authenticating with a JWT

See my code at
https://runkit.com/gr2m/octokit-auth-app-js-184/1.0.0

What is it exactly that you are trying to accomplish? The first code example is unnecessary complex, you don't need to send a manual request to create an installation access token, just use auth({ type: 'installation', installationId }) instead.

from auth-app.js.

chopfitzroy commented on May 26, 2024 1

Get @gr2m yes absolutely, I will try to get onto this this weekend.

from auth-app.js.

gr2m commented on May 26, 2024 1

would you still like to work on it?

I think @octokit/auth-app should throw a meaningful error if it's attempting to create an installation access token without the installationId being set in either the strategy options or the .auth() options. If you are busy I can look into it myself, I see people repeatedly running into this problem, a helpful error message will help greatly to help folks help themselves

from auth-app.js.

chopfitzroy commented on May 26, 2024

Hey @gr2m,

The first example was just experimentation when the second example did not work.

Using test2 I was able to list the repositories, but when I swapped out my own, id, privateKey (did this inline just to make sure), installationId and org I got the same error as before?

(node:2173) UnhandledPromiseRejectionWarning: HttpError: Missing 'issuer' claim ('iss') in assertion
    at node_modules/@octokit/request/dist-node/index.js:66:23
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async getInstallationAuthentication (node_modules/@octokit/auth-app/dist-node/index.js:161:7)
(node:2173) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)

Based on this I would assume I have configured something wrong, I can see the app is installed in the install app menu:

and:

Any ideas? Sorry for the info dump just trying to get everything that could be relevant down.

from auth-app.js.

gr2m commented on May 26, 2024

I'm afraid I haven't seen this error before :(

Does this work?

        const { token } = await auth({ type: "app" });
        console.log(token)
        const result = await githubRequest(`POST https://api.github.com/app/installations/${installationId}/access_tokens`, {
            headers: {
                authorization: "bearer " + token
            }
        });

If not, can you paste the token here and see what you get as payload? https://www.jsonwebtoken.io/ It should look like this

{
 "iat": 1601591683,
 "exp": 1601599068,
 "iss": 83211,
 "jti": "814d33f1-9edf-4e00-8bd3-4843c6709629"
}

If it does, can you try to reproduce the error by sending a curl request? If it doesn't, can you please contact support: support.github.com/contact, they will be able to help you further, I'm afraid I'm out of ideas on what I can do to help on the client side

from auth-app.js.

chopfitzroy commented on May 26, 2024

Using the above code, same error, the token is logged as follows:

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2MDE1OTYzNzIsImV4cCI6MTYwMTU5Njk3MiwiaXNzIjpudWxsfQ.nOdid2PQfobmfaQE0aibPW0C-RPr3e14sbpe7ixYy2LnPT0f7-o-phAO5pFdzf9CZH4i7Kh0U2pqWo-OheY-y5L7SqFcErREvRY1a4y0ChZEWGgJiwZbkv6MvlNC-dIMAauU97AvcwgadhwRSHeB3aMkpZR4XUwopbSkuWww9iaSunRZKF6uvoY6FCuBwNjqKSIjjAuRvfKj3DuFeWjDhIhjqRbxjnhOlsVJjv236xjhCXl1-V-ajQsM7YwY0o1lsj2XafvS8F6eBEq0D8ll4yEoorLUQSPs2GhWFqRsB_QKRutmkGVXNr2YPgmWFKeDcvmsxKMrQP7QRNDIk9O-Fg
{
  err: RequestError [HttpError]: Missing 'issuer' claim ('iss') in assertion
      at node_modules/@octokit/request/dist-node/index.js:66:23

Looks like it verifies correctly:

Except the iss field is null which would explain the error, not sure what this means.

from auth-app.js.

gr2m commented on May 26, 2024

me neither, I suggest you contact support. Please keep me posted and reference this issue, I'm happy to help the great support folks in any way I can, they know how to reach me

from auth-app.js.

chopfitzroy commented on May 26, 2024

Hey @gr2m fantastic will move this to support, thank you so much for all your help debugging this 😁

NOTE putting here for reference, ticket logged with support: 854622.

from auth-app.js.

chopfitzroy commented on May 26, 2024

Hey @gr2m I figured it out, and it is really embarrassing.

This line in all of my examples was the only thing I did not try swapping out for a "hard coded" string:

id: process.env.API_GH_APP_ID,

Well through another issue I discovered that my environment variables were not being populated, once I resolved this issue and re-tried everything went through first try! I am so sorry for taking up so much of your time!

One thing I have learnt from this, is would it be worth adding some sort of null / undefined checker to octokit to say that no id has been provided? Realize this is a bit of an "off chance" bug, but thought I would voice it incase.

from auth-app.js.

gr2m commented on May 26, 2024

One thing I have learnt from this, is would it be worth adding some sort of null / undefined checker to octokit to say that no id has been provided? Realize this is a bit of an "off chance" bug, but thought I would voice it incase.

I agree. Would you like to get a pull request going? You can start with just a failing test and we can continue the discussion there?

from auth-app.js.

github-actions commented on May 26, 2024

🎉 This issue has been resolved in version 3.4.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

from auth-app.js.

scarlac commented on May 26, 2024

For any lost souls coming from Google, the error Missing 'issuer' claim ('iss') may also be caused by a wrong app_id: value. In my case it was because I had incorrectly used the Client ID (e.g. Iv7.1abcdefg01234567) instead of the App ID (e.g. 42) as the app_id: ... value when configuring the actions/github-app-token action with: parameters.
ie. this is wrong:

- name: Get token
  uses: actions/github-app-token@v1
  with:
    app_id: Iv7.1abcdefg01234567
    private_key: ${{ secrets.SHH }}

And this would be right:

- name: Get token
  uses: actions/github-app-token@v1
  with:
    app_id: 42
    private_key: ${{ secrets.SHH }}

from auth-app.js.

siddheshranade commented on May 26, 2024

@gr2m 4 years late but after spending hours trying to make a POST request using GitHub API your first comment above finally solved my issue, thank you.

from auth-app.js.

Cannot authenticate with token or use "installation" method about auth-app.js HOT 13 CLOSED

Comments (13)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent