Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding jwt caching in GitHubAPI, like oauth_token? #199

Open
jonathansick opened this issue Jun 21, 2023 · 3 comments · May be fixed by #201
Open

Adding jwt caching in GitHubAPI, like oauth_token? #199

jonathansick opened this issue Jun 21, 2023 · 3 comments · May be fixed by #201
Labels
enhancement

Comments

@jonathansick
Copy link

I want to implement a factory for creating GitHubAPI clients for my GitHub Apps that are authenticated for different roles. Already Gidgethub makes it easy to create a GitHubAPI that includes the OAuth token for a GitHub App's installation in a repo or org so that client doesn't need the oauth_token info repeated for each request.

I was thinking about doing the equivalent for a GitHub App's authentication as an app, which uses the jwt computed by gidgethub.apps.get_jwt. Doing this would involve:

  • Adding a jwt to the GitHubAPI constructor and making sure oauth_token wasn't also passed in.
  • Using the cached jwt in the request methods

Does this feature sound reasonable? The caveat is that the jwt has a short lifespan; I'm not sure if we'd need provide a way refresh the jwt and what that should look like. Should the GitHubAPI instance actually cache the private key and app id??

If you're interested I'd be happy to put together a PR. Thanks!
@Mariatta
Copy link
Member

I think storing the app_id and private key would be useful, and perhaps make these optional or only if oauth token wasn't passed. So user should pass either oauth_token or the app_id and private_key combination.
With the app_id and private_key passed, the library should be able to:

  • if JWT is none, request a new one and store it
  • if there's JWT and it hasn't expired, use it
  • if there's JWT and it has expired, refresh it

If there's no app_id, no private_key, then it should fallback to needing oauth_token.

@Mariatta
Copy link
Member

Such addition will make it easier for working with GitHub Apps as a default going forward.

@jonathansick
Copy link
Author

jonathansick commented Jun 28, 2023
edited

Thanks @Mariatta, I like the idea of managing the JWT if app_id and private_key are provided. I'll try implementing it and should have a PR soon 😄

@jonathansick jonathansick linked a pull request Jul 11, 2023 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support managing a GitHub App's JWT in GitHubAPI lsst-sqre/gidgethub
3 participants
@brettcannon @jonathansick @Mariatta