Add auto-refreshing of App installation access tokens #1096
Replies: 4 comments
-
|
quick question, currently, how are you guys re-authenticating after the access_token expires after the hour? |
Beta Was this translation helpful? Give feedback.
-
You don't need to re-authenticate. Just do this |
Beta Was this translation helpful? Give feedback.
-
|
@sarmad90 I do not think that your answer is correct. installation_token = bearer_client.create_app_installation_access_token(installation_id)
client = ::Octokit::Client.new(bearer_token: installation_token)
client.check_run("myrepo", 123456789)[:id]
=> 123456789
# Wait for 5 minutes and repeat
client.check_run("myrepo", 123456789)[:id]
=> 123456789
# Wait for 1 hour and repeat
client.check_run("myrepo", 123456789)[:id]
=> 123456789
Octokit::Unauthorized: GET https://api.github.com/repos/myrepo/check-runs/123456789: 401 - Bad credentials // See: https://docs.github.com/rest
from /Users/cathalcoffey/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/octokit-4.19.0/lib/octokit/response/raise_error.rb:16:in `on_complete'I believe @movermeyer is trying to avoid having to do something like the following: def check_run(repo, id)
@client.check_run(repo, id)
rescue Octokit::Unauthorized
@client = create_new_client
retry
endAnd I believe that he is asking if Octokit could do this internally instead? |
Beta Was this translation helpful? Give feedback.
-
|
Correct. The fact that tokens expire is something I expect 99.9+% of the users of |
Beta Was this translation helpful? Give feedback.
-
In order to authenticate as a specific GitHub App installation, you use a JWT token to produce a temporary installation access token.
You can then set Octokit to use that token.
However, that token is only valid for an hour.
It would be nice if Octokit could automatically refresh the
access_tokenas it expired.Beta Was this translation helpful? Give feedback.
All reactions