search

octokit / dotnet-sdk

MIT License
52 stars 8 forks source link

GitHub Apps Proof-of-Concept #69

Closed kfcampbell closed 1 month ago

kfcampbell commented 2 months ago

This PR is the .NET side of https://github.com/octokit/go-sdk/pull/69. It's a work in progress.

It's pending some discussion and decisions:

github-actions[bot] commented 2 months ago

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

MatisseHack commented 2 months ago

FWIW, it's pretty easy to generate JWTs with Microsoft.IdentityModel.JsonWebTokens if you'd prefer to take a dependency on a more "official" library:

using System.Security.Cryptography;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

string CreateJsonWebToken(string clientId, string privateKey)
{
    var rsa = RSA.Create();
    rsa.ImportFromPem(privateKey);

    var now = DateTimeOffset.Now;
    var tokenDescriptor = new SecurityTokenDescriptor
    {
        Issuer = clientId,
        IssuedAt = now.UtcDateTime,
        NotBefore = now.UtcDateTime,
        Expires = now.AddMinutes(10).UtcDateTime,
        SigningCredentials = new(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256)
    };

    return new JsonWebTokenHandler().CreateToken(tokenDescriptor);
}

var token = CreateJsonWebToken("foo", "bar");
kfcampbell commented 2 months ago

@MatisseHack Ooh, I should probably swap over. I used the library I did because I was going off of the Octokit docs :grimacing:; perhaps we should change those as well?

MatisseHack commented 2 months ago

Good point! I've got nothing against GitHubJwt, but using Microsoft's library is easy enough that it might be wroth switching the recommendation in the docs.

nickfloyd commented 1 month ago

Closing in favor of: https://github.com/octokit/dotnet-sdk/pull/70