Closed SimonLab closed 6 years ago
@SimonLab - nice one, I think you've probably got a better feel for this than me due to your dwylbot experience.
The first steps make sense. I can follow the concepts of the final checkbox but I am not 100% sure how to achieve them. I'll take a look at the links etc. you shared.
Installation access tokens are scoped to the repositories an installation can access, have defined permissions set by the GitHub App, and expire after one hour.
@SimonLab - Expiring after 1 hour - does this mean we could only use this token for the initial import of issues and not for continued use for the webhooks?
For the webhooks we don't need any authentication or token. The users will have decided to install the GitHub App, then the server will receive the webhook events on the /event/new endpoint we have defined.
The access token is used to send requests to the API. At the moment we will want to receive all the issues of repos, and maybe get more information about specific users (who created an issue, for example). We can ask for a new token each time we need to send an API request, so I don't think the time limit is an issue.
@nelsonic - not sure that you can test this one given its technical nature but if happy please close 👍
Closing as 'Done' in the Projects board.
An installation token allows the GitHub App to send API requests to GitHub, authenticated as the installation. This allows the GitHub App to have a greater request rate limit.
For each notification received by the server via GitHub webhooks, we can build an authenticated request for the installation and use the GitHub API, for example to add the meta table on a newly created issue or to get the list of all the issues on a new installation.
The general steps are well defined in the GitHub documentation: https://developer.github.com/apps/building-github-apps/authentication-options-for-github-apps/#authenticating-as-an-installation and some parts of the dwylbot code will help us on a more specific aspect with Elixir:
[x] Get the access token of a specific installation (generate a JWT from the private key to authenticate the GitHub App on the request which asks for the installation token). The following function has been created on dwylbot: https://github.com/dwyl/dwylbot/blob/91b65bc4c9e57ec935f503fd82e4c39b5cb76252/lib/dwylbot_web/controllers/github_api/http_client.ex#L36-L54
We can reuse the same logic, but it might be worth checking if we can incorporate this function into a plug to automatically get the installation token on each incoming request. To get a specific installation token we use the id of the installation, which is defined on the payload sent by the webhook request: payload["installation"]["id"]. This id is then used on the API: https://api.github.com/installations/:installation_id/access_tokens
@Cleop do these steps make sense or do we need more details or info?
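The steps described in this issue, as an added example (not code from dwylbot or this project): sign the App JWT, read the installation id from the webhook payload, and build the token request for the endpoint quoted above. It assumes only Erlang/OTP's `:public_key` rather than a JWT library; the module name, App ID `1`, the throwaway key and the payload are constructed for illustration, and the request is built but not sent.

```elixir
defmodule InstallationAuth do
  @api "https://api.github.com"

  # Sign a short-lived RS256 JWT that authenticates the GitHub App itself.
  def app_jwt(app_id, rsa_private_key, now \\ System.system_time(:second))
      when is_integer(app_id) do
    header = ~s({"alg":"RS256","typ":"JWT"})
    # iat is backdated 60 s to absorb clock drift; exp stays under GitHub's 10 minute cap.
    claims = ~s({"iat":#{now - 60},"exp":#{now + 540},"iss":#{app_id}})
    signing_input = b64(header) <> "." <> b64(claims)
    signature = :public_key.sign(signing_input, :sha256, rsa_private_key)
    signing_input <> "." <> b64(signature)
  end

  # Pull the installation id out of a decoded webhook payload, or return an error.
  def installation_id(%{"installation" => %{"id" => id}}) when is_integer(id), do: {:ok, id}
  def installation_id(_payload), do: {:error, :no_installation}

  # Describe the POST that exchanges the App JWT for an installation token.
  def token_request(installation_id, jwt) do
    %{
      method: :post,
      url: "#{@api}/installations/#{installation_id}/access_tokens",
      headers: [{"authorization", "Bearer " <> jwt}]
    }
  end

  defp b64(data), do: Base.url_encode64(data, padding: false)
end

# Constructed inputs: throwaway RSA key, made-up App ID and webhook payload.
key = :public_key.generate_key({:rsa, 2048, 65_537})
payload = %{"action" => "created", "installation" => %{"id" => 12_345}}

{:ok, id} = InstallationAuth.installation_id(payload)
jwt = InstallationAuth.app_jwt(1, key)
request = InstallationAuth.token_request(id, jwt)

# Verify the signature with the public half of the key (modulus and exponent).
public_key = {:RSAPublicKey, elem(key, 2), elem(key, 3)}
[header, claims, sig] = String.split(jwt, ".")
signature = Base.url_decode64!(sig, padding: false)
true = :public_key.verify(header <> "." <> claims, :sha256, signature, public_key)

IO.inspect(request.url, label: "token request")
{:error, :no_installation} = InstallationAuth.installation_id(%{"action" => "ping"})
```

In the real app the key would be the GitHub App's private key loaded from configuration, and the response to this request carries the installation token together with its expiry time.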