{"id":30494622,"url":"https://github.com/beatlabs/github-auth","last_synced_at":"2026-04-08T14:05:28.355Z","repository":{"id":40373808,"uuid":"323331460","full_name":"beatlabs/github-auth","owner":"beatlabs","description":"Go package for GitHub Apps authentication","archived":false,"fork":false,"pushed_at":"2025-09-01T17:38:11.000Z","size":123,"stargazers_count":21,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-08T07:02:03.567Z","etag":null,"topics":["github","github-api","github-apps","github-auth","go","golang"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/beatlabs/github-auth","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/beatlabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-12-21T12:34:41.000Z","updated_at":"2025-09-01T17:38:08.000Z","dependencies_parsed_at":"2023-02-13T16:35:44.369Z","dependency_job_id":"e029606f-5a44-4388-8e6b-3b759be95283","html_url":"https://github.com/beatlabs/github-auth","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/beatlabs/github-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beatlabs%2Fgithub-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beatlabs%2Fgithub-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beatlabs%2Fgithub-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/beatlabs%2Fgithub-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/beatlabs","download_url":"https://codeload.github.com/beatlabs/github-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/beatlabs%2Fgithub-auth/sbom","scorecard":{"id":229683,"data":{"date":"2025-08-11","repo":{"name":"github.com/beatlabs/github-auth","commit":"ba48055ce92787af85e8f06c60182567ea6b060c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Maintained","score":4,"reason":"5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source 
repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/7 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:39: update your workflow using 
https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/beatlabs/github-auth/go.yml/main?enable=pin","Warn: goCommand not pinned by hash: .github/workflows/go.yml:48","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   2 third-party GitHubAction dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: 
FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-17T04:37:34.908Z","repository_id":40373808,"created_at":"2025-08-17T04:37:34.908Z","updated_at":"2025-08-17T04:37:34.908Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274168161,"owners_count":25234211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-08T02:00:09.813Z","response_time":121,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","github-api","github-apps","github-auth","go","golang"],"created_at":"2025-08-24T23:02:55.268Z","updated_at":"2026-04-08T14:05:28.324Z","avatar_url":"https://github.com/beatlabs.png","language":"Go","readme":"# GitHub Apps Authentication for Go\nThe `github-auth` package provides authentication support for GitHub Apps.\n\n## Why?\nThe Go clients for GitHub do not handle authentication directly and an authenticated `*http.Client` is required.\nThe authentication is usually done using static tokens with `oauth2.StaticTokenSource()` which then provides an authenticated `*http.Client`.\n\nWith the introduction of GitHub Apps the authentication process requires JWT payloads.\nThis package provides an easy way to authenticate a Go application or service as a GitHub App (Installation).\n\nThe implementation is based on a slightly modified version of `golang.org/x/oauth2/jwt` 
to support GitHub JWT payloads and responses.\n\n## How it works?\nGitHub Apps use JWT for authentication.\nThe client can either authenticate as an App or as the App's Installation(s).\nSee [Authenticating with GitHub Apps](https://docs.github.com/en/free-pro-team@latest/developers/apps/authenticating-with-github-apps).\n\n### Authentication as an App\nJWT payloads are added to each request sent by the client.\nSee [Authenticating as a GitHub App](https://docs.github.com/en/free-pro-team@latest/developers/apps/authenticating-with-github-apps#authenticating-as-a-github-app)\n\n### Authentication as an App's Installation\nThe client uses JWT as a token source and automatically requests temporary access tokens when required.\nAll requests are authenticated using the token.\nSee [Authenticating as an installation](https://docs.github.com/en/free-pro-team@latest/developers/apps/authenticating-with-github-apps#authenticating-as-an-installation)\n\nBy default all the repositories available to the installation are accessible by the token.\nOptionally the access to repositories can be limited by either providing a list of repository IDs or names.\n\nAlso the access token's expiration can be specified.\n\n## Requirements\n1. A GitHub App. See [Creating a GitHub App](https://docs.github.com/en/free-pro-team@latest/developers/apps/creating-a-github-app).\n2. The **App ID** which can be retrieved from GitHub (from the App's settings page or the API)\n3. A **private key**. See [Generating a private key](https://docs.github.com/en/free-pro-team@latest/developers/apps/authenticating-with-github-apps#generating-a-private-key)\n4. 
An **Installation ID** of the App's installed instance(s) (from Organization/repository installed Apps page or API):\n    - See [Installing GitHub Apps in your organization](https://docs.github.com/en/free-pro-team@latest/github/customizing-your-github-workflow/installing-an-app-in-your-organization)\n    - See [Installing GitHub Apps in your repository](https://docs.github.com/en/free-pro-team@latest/developers/apps/installing-github-apps)\n\n## Usage\nInstall this module:\n```shell\ngo get -u github.com/beatlabs/github-auth\n```\n\nTo load the private key:\n```go\nimport \"github.com/beatlabs/github-auth/key\"\n...\n\n// load from a file\nkey, err := key.FromFile(\"/path/to/file\")\n\n// load from data\nkey, err := key.Parse(bytes)\n```\n\nTo authenticate as an App and get a client:\n```go\nimport \"github.com/beatlabs/github-auth/app\"\n...\n\n// Create an App Config using the App ID and the private key\napp, err := app.NewConfig(id, key)\n\n// Get an *http.Client\nclient := app.Client()\n\n// The client can be used to send authenticated requests\nr, err := client.Get(\"https://api.github.com/app\")\n```\n\n**Important:** when authenticating as an App, only specific API endpoints are accessible.\nSee [GitHub Apps REST API Reference](https://docs.github.com/en/free-pro-team@latest/rest/reference/apps) for the list of endpoints which support JWT.\n\nTo authenticate as an Installation:\n```go\n// Get the installation config from the authenticated App by providing the Installation ID\ninstall, err := app.InstallationConfig(id)\n\n// Or from scratch by providing the App ID, the private key and Installation ID\nimport \"github.com/beatlabs/github-auth/app/inst\"\n...\n\ninstall, err := inst.NewConfig(appID, installationID, key)\n\n// Get an *http.Client\nclient = install.Client(ctx)\n\n\n// The client can be used to send requests which are authenticated with temporary access tokens\nr, err = client.Get(\"https://api.github.com/installation/repositories\")\n```\n\nThe 
returned `*http.Client` (App or Installation) can also be used to handle authentication for other GitHub clients.\n\nThe following client packages are tested:\n- https://github.com/google/go-github for V3 (REST) API\n- https://github.com/shurcooL/githubv4 for V4 (GraphQL) API\n\nUsing Google's `go-github`:\n```go\nclient := github.NewClient(install.Client(ctx))\nrepos, _, err := client.Repositories.List(ctx, \"\", nil)\n```\n\nUsing shurcooL's `githubv4`:\n```go\nclient := githubv4.NewClient(install.Client(ctx))\n...\nerr := client.Query(ctx, \u0026query, nil)\n```\n\n### Enterprise\nGitHub Enterprise App Installations are supported by using a custom URL:\n```go\ninstall, err := NewEnterpriseConfig(url, appID, installationID, key)\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeatlabs%2Fgithub-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbeatlabs%2Fgithub-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbeatlabs%2Fgithub-auth/lists"}