The Definitive Guide for Authenticating a GitHub App

The best way to set up an octokit instance so that it can interact with the GitHub API on your app's behalf.
Jason Laster
Yesterday we published a post on how we debugged GitHub’s Auth flow in order to be able to programmatically manage PR Checks.
At a high level there were 7 steps:
  1. Create an App
  1. Create a private key
  1. Install the App
  1. Create a JWT with a reasonable expiration and app id
  1. Use the JWT and the installation id to create a token
  1. Use the token to create the Check Run
  1. profit
And there was some genuinely hairy stuff in there. Signing the JWT is no joke: it has to be RS256 over the app's private key, with the iss claim set to the app id and an expiry no more than ten minutes out. Then exchanging it for an installation access token (which itself only lives for an hour) is not simple either. And this approach came straight from GitHub's docs.
So, after meeting with Gregor who built a big chunk of the octokit SDK, I learned there’s a much simpler way to do it.
The simpler way boils down to four steps:
  1. Create an @octokit/app App
  1. Fetch the installation id for the repo you want to talk to
  1. Create an octokit instance for the given installation
  1. profit
```javascript
const { App } = require("@octokit/app");
const dotenv = require("dotenv");

// The app's private key (PEM) is read from .env.local, which must never be committed.
dotenv.config({ path: "./.env.local" });

(async () => {
  const appId = 274973;
  const owner = "replayio";
  const repo = "devtools";

  // App-level auth: @octokit/app signs the short-lived app JWT for us
  const app = new App({ appId, privateKey: process.env.PEM });

  // First we need to get the installation id for the repo
  // (route placeholders let octokit URL-encode owner/repo for us)
  const { data: installation } = await app.octokit.request(
    "GET /repos/{owner}/{repo}/installation",
    { owner, repo }
  );

  // Then we can get an octokit instance for the installation
  // (it exchanges the JWT for an installation token and fetches a fresh one when that expires)
  const octokit = await app.getInstallationOctokit(installation.id);

  // Then we go nuts
  const { data: issues } = await octokit.request(
    "GET /repos/{owner}/{repo}/issues",
    { owner, repo }
  );
  console.log(issues);
})();
```

Loom Walk Through

Related posts
How to set up a GitHub App that can listen for pull requests and create checks.
Ryan highlights some CI improvements, mainly our GitHub Actions for our Playwright integration.