github-developer / github-app-template

401 - A JSON web token could not be decoded when following App example #19

Open hanysf opened 2 years ago

hanysf commented 2 years ago

Expected Behavior

I am following the example of using GitHub APIs in a GitHub app. This page links to another page showing how to set up the development environment to do this. I followed the instructions on that page, with one difference: for testing, I kept the contents of the pem file in the code 64-encoded. The code then proceeds to decode that string to get the actual content of the pem file, and uses that to construct the PRIVATE_KEY. So, it looks like this:

  PRIVATE_KEY_ENCODED = "some long string"
  PRIVATE_KEY_DECODED = (Base64.decode64(PRIVATE_KEY_ENCODED)).gsub('\n', "\n")
  PRIVATE_KEY = OpenSSL::PKey::RSA.new(PRIVATE_KEY_DECODED)

Actual Behavior

When I install the GitHub app in a new organization, I get the following error: POST https://api.github.com/app/installations/27776345/access_tokens: 401 - A JSON web token could not be decoded // See: https://docs.github.com/rest (Octokit::Unauthorized).

This error occurs when the code tries to get the token of a specific installation:

  @installation_token = @app_client.create_app_installation_access_token(@installation_id)[:token]

Steps to Reproduce

Follow instructions in https://docs.github.com/en/developers/apps/getting-started-with-apps/setting-up-your-development-environment-to-create-a-github-app.

Context

In testing the code in a Ruby console, I ran the template_server.rb file and placed a binding.pry right before the error is thrown. I did the following:

# This is taken from https://github.com/github-developer/github-app-template/blob/master/template_server.rb#L94

payload = {
  # The time that this JWT was issued, _i.e._ now.
  iat: Time.now.to_i,

  # JWT expiration time (10 minute maximum)
  exp: Time.now.to_i + (10 * 60),

  # Your GitHub App's identifier number
  iss: APP_IDENTIFIER
}

# Calculate a jwt
jwt = JWT.encode(payload, PRIVATE_KEY, 'RS256')

# display the installation id
@installation_id

Then I ran the following cURL command in a command line.

curl -i -X POST \
  -H "Authorization: Bearer " \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/app/installations/<@installation_id>/access_tokens

I received a valid response that did include a token. So, it doesn't seem that the problem is in the code itself, but that for some reason the Octokit::Client is not doing the right thing in calling the intended API.

hanysf commented 2 years ago

To answer my own question, the reason for the above behavior is https://github.com/octokit/octokit.rb/issues/1391.
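
An added example, not part of the original issue or the template's code: a standard-library Ruby check that builds the same RS256 JWT as the payload in the first post and validates it locally (segment count, alg, claim window, signature), which separates a malformed token from a client that sends it incorrectly. The throwaway key, the App ID 12345 and the helper names are assumptions made for illustration; the checks are a local sanity test, not GitHub's server-side validation.

```ruby
require 'openssl'
require 'json'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

# Build an RS256 JWT with the same three claims as the payload in the post.
def build_app_jwt(private_key, app_id, now = Time.now.to_i)
  header = b64url(JSON.generate({ alg: 'RS256', typ: 'JWT' }))
  claims = b64url(JSON.generate({ iat: now, exp: now + (10 * 60), iss: app_id }))
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), "#{header}.#{claims}")
  "#{header}.#{claims}.#{b64url(signature)}"
end

# Return the problems found in a token; an empty array means it is well formed.
def check_app_jwt(token, public_key, now = Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return ['not three non-empty dot-separated segments'] unless parts.length == 3 && parts.none?(&:empty?)

  begin
    header = JSON.parse(b64url_decode(parts[0]))
    claims = JSON.parse(b64url_decode(parts[1]))
    signature = b64url_decode(parts[2])
  rescue ArgumentError, JSON::ParserError
    return ['a segment is not valid base64url or JSON']
  end
  return ['header or claims is not a JSON object'] unless header.is_a?(Hash) && claims.is_a?(Hash)

  problems = []
  problems << 'alg is not RS256' unless header['alg'] == 'RS256'
  problems << 'iss is missing' if claims['iss'].to_s.empty?
  problems << 'iat is in the future' if claims['iat'].to_i > now
  problems << 'exp has passed' if claims['exp'].to_i <= now
  problems << 'exp is more than 10 minutes after iat' if claims['exp'].to_i - claims['iat'].to_i > 600
  verified = public_key.verify(OpenSSL::Digest.new('SHA256'), signature, "#{parts[0]}.#{parts[1]}")
  problems << 'signature does not verify' unless verified
  problems
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, not a real App key
  token = build_app_jwt(key, 12_345) # 12345 is a made-up App ID
  p check_app_jwt(token, key.public_key) # well-formed token
  p check_app_jwt('', key.public_key)    # empty bearer value
end
```

An empty result for the token alongside a 401 from the API points at how the HTTP client attaches the token rather than at the token itself.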