canny[bot]
commented
6 days ago This issue has been linked to a Canny post: Webhooks: trigger GitHub APIs using App Installation Tokens instead of PATs :tada:
Open canny[bot] opened 6 days ago
canny[bot]
commented
6 days ago This issue has been linked to a Canny post: Webhooks: trigger GitHub APIs using App Installation Tokens instead of PATs :tada:
To be able to use the GitHub App mechanism to trigger API endpoints for the webhooks you need to be enable to store the GitHub App's certificate in the pactflow broker. Besides the certificate also the GitHub App's identifier / installation id needs to be stored. Once the certificate is available, the following steps need to be consider for authentication:
1. Generate and sign a JWT token using the app's private key: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app
This token is valid for maximum 10 minutes.
2. Use the JWT token from step 1 and create an installation token: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation
$ curl -i -X POST -H "Authorization: Bearer YOUR_JWT" -H "Accept: application/vnd.github+json" https://api.github.com/app/installations/:installation_id/access_tokens
This Bearer Token is valid for 60 minutes
3. Call the webhook/GitHub API with the Bearer Token from step 2.
Thanks
https://pact.canny.io/admin/board/feature-requests/p/webhooks-trigger-github-apis-using-app-installation-tokens-instead-of-pats