Comments (13)
Hi @chopfitzroy, I tried to reproduce the problems you created. I found one bug in your code, after fixing that it all works as expected. You need to change the authorization
header prefix from token
to bearer
when authenticating with a JWT
See my code at
https://runkit.com/gr2m/octokit-auth-app-js-184/1.0.0
What is it exactly that you are trying to accomplish? The first code example is unnecessary complex, you don't need to send a manual request to create an installation access token, just use auth({ type: 'installation', installationId })
instead.
from auth-app.js.
Get @gr2m yes absolutely, I will try to get onto this this weekend.
from auth-app.js.
would you still like to work on it?
I think @octokit/auth-app
should throw a meaningful error if it's attempting to create an installation access token without the installationId
being set in either the strategy options or the .auth()
options. If you are busy I can look into it myself, I see people repeatedly running into this problem, a helpful error message will help greatly to help folks help themselves
from auth-app.js.
Hey @gr2m,
The first example was just experimentation when the second example did not work.
Using test2
I was able to list the repositories, but when I swapped out my own, id
, privateKey
(did this inline just to make sure), installationId
and org
I got the same error as before?
(node:2173) UnhandledPromiseRejectionWarning: HttpError: Missing 'issuer' claim ('iss') in assertion
at node_modules/@octokit/request/dist-node/index.js:66:23
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async getInstallationAuthentication (node_modules/@octokit/auth-app/dist-node/index.js:161:7)
(node:2173) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
Based on this I would assume I have configured something wrong, I can see the app is installed in the install app menu:
and:
Any ideas? Sorry for the info dump just trying to get everything that could be relevant down.
from auth-app.js.
I'm afraid I haven't seen this error before :(
Does this work?
const { token } = await auth({ type: "app" });
console.log(token)
const result = await githubRequest(`POST https://api.github.com/app/installations/${installationId}/access_tokens`, {
headers: {
authorization: "bearer " + token
}
});
If not, can you paste the token here and see what you get as payload? https://www.jsonwebtoken.io/ It should look like this
{
"iat": 1601591683,
"exp": 1601599068,
"iss": 83211,
"jti": "814d33f1-9edf-4e00-8bd3-4843c6709629"
}
If it does, can you try to reproduce the error by sending a curl request? If it doesn't, can you please contact support: support.github.com/contact, they will be able to help you further, I'm afraid I'm out of ideas on what I can do to help on the client side
from auth-app.js.
Using the above code, same error, the token is logged as follows:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2MDE1OTYzNzIsImV4cCI6MTYwMTU5Njk3MiwiaXNzIjpudWxsfQ.nOdid2PQfobmfaQE0aibPW0C-RPr3e14sbpe7ixYy2LnPT0f7-o-phAO5pFdzf9CZH4i7Kh0U2pqWo-OheY-y5L7SqFcErREvRY1a4y0ChZEWGgJiwZbkv6MvlNC-dIMAauU97AvcwgadhwRSHeB3aMkpZR4XUwopbSkuWww9iaSunRZKF6uvoY6FCuBwNjqKSIjjAuRvfKj3DuFeWjDhIhjqRbxjnhOlsVJjv236xjhCXl1-V-ajQsM7YwY0o1lsj2XafvS8F6eBEq0D8ll4yEoorLUQSPs2GhWFqRsB_QKRutmkGVXNr2YPgmWFKeDcvmsxKMrQP7QRNDIk9O-Fg
{
err: RequestError [HttpError]: Missing 'issuer' claim ('iss') in assertion
at node_modules/@octokit/request/dist-node/index.js:66:23
Looks like it verifies correctly:
Except the iss
field is null
which would explain the error, not sure what this means.
from auth-app.js.
me neither, I suggest you contact support. Please keep me posted and reference this issue, I'm happy to help the great support folks in any way I can, they know how to reach me
from auth-app.js.
Hey @gr2m fantastic will move this to support, thank you so much for all your help debugging this 😁
NOTE putting here for reference, ticket logged with support: 854622
.
from auth-app.js.
Hey @gr2m I figured it out, and it is really embarrassing.
This line in all of my examples was the only thing I did not try swapping out for a "hard coded" string:
id: process.env.API_GH_APP_ID,
Well through another issue I discovered that my environment variables were not being populated, once I resolved this issue and re-tried everything went through first try! I am so sorry for taking up so much of your time!
One thing I have learnt from this, is would it be worth adding some sort of null
/ undefined
checker to octokit
to say that no id
has been provided? Realize this is a bit of an "off chance" bug, but thought I would voice it incase.
from auth-app.js.
One thing I have learnt from this, is would it be worth adding some sort of
null
/undefined
checker tooctokit
to say that noid
has been provided? Realize this is a bit of an "off chance" bug, but thought I would voice it incase.
I agree. Would you like to get a pull request going? You can start with just a failing test and we can continue the discussion there?
from auth-app.js.
🎉 This issue has been resolved in version 3.4.0 🎉
The release is available on:
Your semantic-release bot 📦🚀
from auth-app.js.
For any lost souls coming from Google, the error Missing 'issuer' claim ('iss')
may also be caused by a wrong app_id:
value. In my case it was because I had incorrectly used the Client ID (e.g. Iv7.1abcdefg01234567
) instead of the App ID (e.g. 42
) as the app_id: ...
value when configuring the actions/github-app-token
action with:
parameters.
ie. this is wrong:
- name: Get token
uses: actions/github-app-token@v1
with:
app_id: Iv7.1abcdefg01234567
private_key: ${{ secrets.SHH }}
And this would be right:
- name: Get token
uses: actions/github-app-token@v1
with:
app_id: 42
private_key: ${{ secrets.SHH }}
from auth-app.js.
@gr2m 4 years late but after spending hours trying to make a POST request using GitHub API your first comment above finally solved my issue, thank you.
from auth-app.js.
Related Issues (20)
- [FEAT]: When will the conversion to ESM happen? HOT 1
- Getting the correct `installation_id` to use HOT 5
- [BUG]: secretOrPrivateKey size error when size is larger enough HOT 4
- Backed authentication user-to-server without device flow
- [BUG]: ReferenceError: Property 'atob' doesn't exist HOT 9
- [BUG]: secretOrPrivateKey must be an asymmetric key when using RS256 HOT 28
- [BUG]: package files not published to npm HOT 1
- [BUG]: unable to use this package with `@actions/github-script` HOT 19
- [DOCS]: Node version requirements HOT 3
- Replace `toMatchObject` Response assertions with `toEqual` in `auth-app.js` HOT 1
- [DOCS]: Implementation of GitHub App user authentication token with expiring disabled HOT 6
- [BUG]: Cache#get type doesn't allow promises HOT 2
- [BUG]: Upgrade universal-github-app-jwt 1.1.2 to close CVE-2022-25883 HOT 5
- Default flow results in error for missing installationId HOT 5
- [BUG]: `octokit.request("PATCH /app/hook/config", { url })` throws error `installationId option is required for installation authentication` HOT 1
- [BUG]: Handle 403 responses same as 401 responses in the first 3 seconds after an installation access token was created HOT 1
- [BUG]: /app/installation-requests missing from PATHS in requires-app-auth HOT 3
- Revisit skipped tests HOT 1
- `appId` can now be set to the application's Client ID HOT 2
- [MAINT]: use stable `semantic-release` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from auth-app.js.