Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gbevan/github-insttoken

Go binary to get a GitHub App ephemeral Installation token for a repository to allow git `clone` / `pull` etc operations over https (e.g. if in a network where ssh access is not permitted)
https://github.com/gbevan/github-insttoken

github https installation jwt proxy token

Last synced: about 1 month ago
JSON representation

Go binary to get a GitHub App ephemeral Installation token for a repository to allow git `clone` / `pull` etc operations over https (e.g. if in a network where ssh access is not permitted)

Host: GitHub
URL: https://github.com/gbevan/github-insttoken
Owner: gbevan
License: mit
Created: 2018-10-29T15:55:16.000Z (about 6 years ago)
Default Branch: master
Last Pushed: 2018-11-11T13:01:34.000Z (about 6 years ago)
Last Synced: 2024-10-13T17:28:03.503Z (3 months ago)
Topics: github, https, installation, jwt, proxy, token
Language: Go
Homepage:
Size: 10.7 KB
Stars: 3
Watchers: 2
Forks: 1
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# github-insttoken

Go binary to get a GitHub App ephemeral Installation token for a repository to allow
git `clone` / `pull` etc operations over https.

This is to simplify the steps detailed in [authenticating-with-github-apps](https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/)

## Usage:
```bash
./github-insttoken \
--private-key-file YOURGITHUBAPP.2018-10-26.private-key.pem \
--app-id APP_ID \
--repo Organisation/project \
--git-url https://github.example.com/api/v3
```
Returns:
```
token: v1.2a04[...snip...]5172
```

This can now be used in a git clone:
```bash
git clone https://x-access-token:v1.2a04[...snip...][email protected]/Organisation/project.git
```

## ISSUE: Via Proxy
If you get a 401 Unauthorized error attempting to resolve the JWT into
an Installation Token when going via a proxy. Use the workaround below with
the `--jwt-only` option:
```bash
./github-insttoken --private-key-file YOURGITHUBAPP.2018-10-26.private-key.pem \
--app-id APP-ID \
--jwt-only
```
Returns:
```
jwt: eyJhbGciOi[...snip...]FJn7HnGA0Pr7A
```
Then follow github instructions using curl to resolve to the final token.

Get Installation ID for your repo
```bash
curl -i -H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
https://github.example.com/api/v3/repos/Organisation/project/installation
```
You want the returned id:
```json
{
"id": 77,
...
}
```

Now you can request the Installation token using the above id:
```bash
curl -i -H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
https://github.example.com/api/v3/app/installations/77/access_tokens \
-X POST
```
Returns:
```json
{
"token": "v1.f5f76[...snip...]99cc7f93",
"expires_at": "2018-11-07T10:24:00Z"
}
```
You can now use this token to `git clone ...` as above.