Webhooks: trigger GitHub APIs using App Installation Tokens instead of PATs #690

Open
canny bot opened this issue Jun 26, 2024 · 1 comment

canny bot commented Jun 26, 2024

To be able to use the GitHub App mechanism to trigger API endpoints for the webhooks, you need to be able to store the GitHub App's certificate in the PactFlow broker.
Besides the certificate, the GitHub App's identifier / installation ID also needs to be stored.
Once the certificate is available, the following steps need to be considered for authentication:

1. Generate and sign a JWT token using the app's private key:
   https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app

   This token is valid for a maximum of 10 minutes.

2. Use the JWT token from step 1 and create an installation token:
   https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation

   $ curl -i -X POST -H "Authorization: Bearer YOUR_JWT" -H "Accept: application/vnd.github+json" https://api.github.com/app/installations/:installation_id/access_tokens

   This Bearer Token is valid for 60 minutes.

3. Call the webhook/GitHub API with the Bearer Token from step 2.

Thanks

https://pact.canny.io/admin/board/feature-requests/p/webhooks-trigger-github-apis-using-app-installation-tokens-instead-of-pats
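
Steps 1 and 2 of the request above, as an added Ruby example that is not part of the issue and not Pact Broker code: it signs the app JWT with the standard library only and builds (without sending) the installation-token request from the curl line. The helper names, the ids 12345 and 67890, and the throwaway RSA key are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"
require "net/http"
require "uri"

# Base64url without padding, as JWT segments require.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Step 1: sign a short-lived RS256 JWT as the GitHub App.
def app_jwt(app_id, private_key, now: Time.now.to_i)
  header = { alg: "RS256", typ: "JWT" }
  # iat is backdated 60 s for clock drift; exp stays under the 10-minute maximum.
  payload = { iat: now - 60, exp: now + 540, iss: app_id.to_s }
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join(".")
  signature = private_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Step 2: build (not send) the request that exchanges the JWT for an installation token.
# Integer() rejects a non-numeric id so stored config cannot alter the URL path.
def installation_token_request(jwt, installation_id)
  uri = URI("https://api.github.com/app/installations/#{Integer(installation_id)}/access_tokens")
  req = Net::HTTP::Post.new(uri)
  req["Authorization"] = "Bearer #{jwt}"
  req["Accept"] = "application/vnd.github+json"
  req
end

# Check a JWT from app_jwt against the app's public key and return its claims.
def verify_app_jwt(jwt, public_key)
  head, body, sig = jwt.split(".")
  digest = OpenSSL::Digest.new("SHA256")
  valid = public_key.verify(digest, Base64.urlsafe_decode64(sig), "#{head}.#{body}")
  raise ArgumentError, "signature does not match key" unless valid
  JSON.parse(Base64.urlsafe_decode64(body))
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, not a real app key
  jwt = app_jwt(12345, key)          # 12345 / 67890 are made-up ids
  p verify_app_jwt(jwt, key.public_key)
  puts installation_token_request(jwt, 67890).path
end
```

Because both the JWT and the installation token are short-lived, the only long-lived secret in this flow is the app's private key; the tokens can be minted per webhook run rather than stored.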


canny bot commented Jun 26, 2024

This issue has been linked to a Canny post: Webhooks: trigger GitHub APIs using App Installation Tokens instead of PATs 🎉
