gr2m / universal-github-app-jwt

Calculate GitHub App bearer tokens for Node & modern browsers
MIT License

Client ID can now be used to generate a valid JWT #97

Closed by gr2m 1 month ago

gr2m commented 6 months ago

See https://github.blog/changelog/2024-05-01-github-apps-can-now-use-the-client-id-to-fetch-installation-tokens/

gr2m commented 6 months ago

GitHub recommends using the app client ID moving forward:

[iss parameter]: The client ID or application ID of your GitHub App. This value is used to find the right public key to verify the signature of the JWT. You can find your app's IDs on the settings page for your GitHub App. Use of the client ID is recommended. For more information about navigating to the settings page for your GitHub App, see "Modifying a GitHub App registration."

https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app
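The `iss` behaviour quoted above, as an added example (not code from this repository or from GitHub): a JWT is signed with either the client ID or the app ID as `iss`, and a model verifier uses `iss` to select the public key. The function names, the `Iv1.constructed0example` client ID, the app ID `123456`, and the key pair are constructed for illustration; the verifier is an assumption about the receiving side.

```javascript
const crypto = require("node:crypto");

const b64url = (value) => Buffer.from(JSON.stringify(value)).toString("base64url");

// Sign an RS256 JWT whose `iss` is the client ID (string) or the app ID (number).
function createAppJwt({ issuer, privateKey, now = Math.floor(Date.now() / 1000) }) {
  const payload = {
    iat: now - 60, // backdated to tolerate clock drift
    exp: now + 540, // expiry must be no more than 10 minutes in the future
    iss: issuer,
  };
  const signingInput = `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(payload)}`;
  const signature = crypto.sign("RSA-SHA256", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString("base64url")}`;
}

// Model of the receiving side (assumption, not GitHub's code): `iss` selects the
// public key, then signature and time window are checked. Returns payload or null.
function verifyAppJwt(token, keysByIssuer, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    payload = JSON.parse(Buffer.from(p, "base64url").toString());
  } catch {
    return null;
  }
  if (header?.alg !== "RS256" || !payload) return null; // the token does not pick the algorithm
  const publicKey = keysByIssuer.get(String(payload.iss));
  if (!publicKey) return null; // unknown issuer: no key to verify against
  const valid = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), publicKey, Buffer.from(s, "base64url"));
  return valid && payload.iat <= now && now < payload.exp ? payload : null;
}

// Constructed sample data: throwaway key pair and made-up IDs.
function demo(now = 1700000000) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const clientId = "Iv1.constructed0example";
  const appId = 123456;
  const keys = new Map([[clientId, publicKey], [String(appId), publicKey]]);
  const check = (issuer) => verifyAppJwt(createAppJwt({ issuer, privateKey, now }), keys, now);
  return { clientId: check(clientId), appId: check(appId), unknown: check("Iv1.not0registered") };
}

console.log(demo());
```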

gr2m commented 1 month ago

It's fixed in https://github.com/gr2m/universal-github-app-jwt/releases/tag/v2.2.0 via https://github.com/gr2m/universal-github-app-jwt/pull/100/files

It needs to be backported to v1

gr2m commented 1 month ago

Backported via #107

github-actions[bot] commented 1 month ago

:tada: This issue has been resolved in version 1.2.0 :tada:

The release is available on:

Your semantic-release bot :package::rocket: