401 - A JSON web token could not be decoded when following App example #19
Description
Expected Behavior
I am following the example of using GitHub APIs in a GitHub app. This page links to another page showing how to set up the development environment to do this.
I followed the instructions on that page, with one difference: for testing, I kept the contents of the pem file in the code 64-encoded. The code then proceeds to decode that string to get the actual content of the pem file, and use that to construct the `PRIVATE_KEY`. So, it looks like this:

```ruby
PRIVATE_KEY_ENCODED = "some long string"
PRIVATE_KEY_DECODED = (Base64.decode64(PRIVATE_KEY_ENCODED)).gsub('\n', "\n")
PRIVATE_KEY = OpenSSL::PKey::RSA.new(PRIVATE_KEY_DECODED)
```
Actual Behavior
When I install the GitHub app in a new organization, I get the following error:

```
POST https://api.github.com/app/installations/27776345/access_tokens: 401 - A JSON web token could not be decoded // See: https://docs.github.com/rest (Octokit::Unauthorized)
```

This error occurs when the code tries to get the token of a specific installation:

```ruby
@installation_token = @app_client.create_app_installation_access_token(@installation_id)[:token]
```
Steps to Reproduce
Follow instructions in https://docs.github.com/en/developers/apps/getting-started-with-apps/setting-up-your-development-environment-to-create-a-github-app.
Context
In testing the code in a Ruby console, I debugged and ran the template_server.rb file and placed a `binding.pry` right before the error is thrown.
I did the following:
```ruby
# This is taken from https://github.com/github-developer/github-app-template/blob/master/template_server.rb#L94
payload = {
  # The time that this JWT was issued, _i.e._ now.
  iat: Time.now.to_i,
  # JWT expiration time (10 minute maximum)
  exp: Time.now.to_i + (10 * 60),
  # Your GitHub App's identifier number
  iss: APP_IDENTIFIER
}

# Calculate a jwt
jwt = JWT.encode(payload, PRIVATE_KEY, 'RS256')

# display the installation id
@installation_id
```
Then I ran the following cURL command in a command line.
```
curl -i -X POST \
  -H "Authorization: Bearer " \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/app/installations/<@installation_id>/access_tokens
```
I received a valid response that did include a token. So, it doesn't seem that the problem is in the code itself, but that for some reason the `Octokit::Client` is not doing the right thing in calling the intended API.