Closed ivanempire closed 10 months ago
a GitHub App
The OAuth integration only supports OAuth apps, not GitHub apps. I think there's some differences between them
Hey thanks for responding! So we did get the flow working just fine by plugging in the application ID, and secret - I was pleasantly surprised that it just worked (we got user info, installation information etc.), but then suddenly this error cropped up last night.
Which API call is causing the error? The standard OAuth flow doesn't use JWTs (the exp
claim). The only part where JWT is used is when authenticating the GitHub App
I'm pretty sure this has nothing to do with Lucia
Found the original guide we followed to address your earlier point: https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app#generating-a-user-access-token-when-a-user-installs-your-app
We're putting the user through OAuth to get the user access token. The specific call that fails is:
const { data } = await app.octokit.request("GET /users/{username}/installation", {
username: session.user.username,
headers: {
"X-GitHub-Api-Version": "2022-11-28"
}
});
Although as I'm dissecting this more, it does in fact seem that something is going wrong after the flow completes successfully because we're getting a session
just fine. I'm going to close this - thanks for the sanity check :)
Package
@lucia-auth/oauth
Describe the bug
Description
As of last night, we seem to be running into an issue where we can't complete the OAuth flow for a GitHub App Installation due to the following error:
"message":"'Expiration time' claim ('exp') is too far in the future"
I've found some other versions of the bug here: https://github.com/probot/probot/issues/1426 and here https://github.com/conbench/conbench/issues/1101
I'd be happy to create a reproducible example, it just requires one to have a GitHub App on their account to authorize against. Relevant excerpt from
package.json
:I can also take a stab at fixing this, I may need a pointer to the code location where the expiry value is set, unless we did something stupid on our end. 🚀 Thanks a bunch - absolutely love the library!