Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve error message when appId is set to an incorrect value #375

Open
gr2m opened this issue Aug 12, 2022 · 3 comments
Open

Improve error message when appId is set to an incorrect value #375

gr2m opened this issue Aug 12, 2022 · 3 comments
Labels
Type: Feature New feature or request
Projects
JS

Comments

@gr2m
Copy link
Contributor

gr2m commented Aug 12, 2022

follow up to octokit/request.js#505 (comment)

I wonder if we can throw a better error message to help users who ran into the same problem as you did.

The underlying library is @octokit/auth-app. My test code looks like this

const auth = createAppAuth({
  appId,
  privateKey
});

auth({
  type: "installation",
  installationId,
}).then(console.log, console.log);

When privateKey is valid, but appId is not the current ID, then I retrieve the "A JSON web token could not be decoded" that @nasirmajid in the linked issue above, which is verbatim the message we get from GitHub's REST API.

@timrogers I tested the JWT that is sent to GitHub and it's not correct that the JWT cannot be decoded, the JWT is valid. However the iss value won't match the signature, as it's an incorrect app ID.

We could catch this case in the library and provide a more helpful error message, e.g. at least include the APP ID. But It would be even better if the error message from GitHub's REST API would be improved to include the iss aka app ID when it can be retrieved from the passed JWT
@ghost ghost added this to Inbox in JS Aug 12, 2022
@timrogers
Copy link

@gr2m Thanks for submitting the issue! I'm happy to look on the GitHub side. Would you be able to provide example values of appId and privateKey that generate the result you're seeing?

@gr2m
Copy link
Contributor Author

gr2m commented Aug 30, 2022
edited

There you go

const auth = createAppAuth({
  // dummy credentials
  appId: 100001,
  privateKey: `-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END RSA PRIVATE KEY-----`,
});

// Retrieve JSON Web Token (JWT) to authenticate as app
auth({
  type: "installation",
  installationId: 1,
}).then(console.log, console.log);
// logs "RequestError [HttpError]: A JSON web token could not be decoded" error

@gr2m gr2m mentioned this issue Sep 28, 2022
Merged
@wolfy1339 wolfy1339 added the Type: Feature New feature or request label Dec 16, 2022
@ghost ghost moved this from Inbox to Features in JS Dec 16, 2022
@gotham8x
Copy link

gotham8x commented Aug 6, 2023
edited 

"A JSON web token could not be decoded"

Man, it took me hours to dig into my used JWT generators. An then turned out that it was incorrect just because the appid didn't match!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Feature New feature or request
Projects
No open projects
JS
  
Features
Milestone
No milestone
Development

No branches or pull requests
4 participants
@gr2m @timrogers @wolfy1339 @gotham8x