[BUG]: OAuth token auth applies a different Authorization header than using curl or postman #1634
Comments
👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with
Hey @auramix Thanks for reaching out and sorry for the trouble that you're running into. So the pattern
I've got another report of intermittent Would you happen to be able to tell me what type of token you're using - JWT, PAT, etc?
Thanks, @nickfloyd. I was using my GitHub App's client secret for the token. As I mentioned, this works when using the GitHub API via curl and postman although it isn't the recommended way to auth. Octokit ruby docs state that authenticating a GitHub App should use JWT, but I wasn't able to get that to work for some reason, not with curl, postman, or the ruby client -- I get a 401, and unfortunately haven't been able to debug and find out why.
@nickfloyd -- Wanted to ask for some advice on ways to debug auth with JWT for GitHub Apps using the Ruby client since that is the suggested way. Here is what I'm doing:
I've also checked that I have the correct repository permissions set for my GitHub App. Not sure what's going on here.
I was able to auth but I had to first find the app installation id via
Hey @auramix, Apologies for the delay on this one and thank you for hunting it down. We'll make a task to go through the docs on these auth methods to make sure no one else runs into the roadblocks that you did.
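The GitHub App JWT route that the comments above turn to can be checked locally before any request is sent. This is an added example, not code from the issue or from Octokit: it builds the RS256 JWT with Ruby's standard library and lists the signature and claim problems that lead to a 401. The key and app id are constructed sample values, and the 60-second `iat` backdating and 10-minute `exp` ceiling are taken from GitHub's documented App JWT rules.

```ruby
require "openssl"
require "json"
require "base64"

MAX_LIFETIME = 600 # GitHub rejects App JWTs whose exp is more than 10 minutes ahead

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Build an RS256 JWT for a GitHub App; app_id and private_key are the caller's own.
def github_app_jwt(app_id, private_key, now: Time.now.to_i)
  header  = { alg: "RS256", typ: "JWT" }
  payload = { iat: now - 60, exp: now + 540, iss: app_id.to_s } # iat backdated for clock drift
  signing_input = [header, payload].map { |part| b64url(JSON.generate(part)) }.join(".")
  signature = private_key.sign(OpenSSL::Digest.new("SHA256"), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Local pre-flight check: returns the reasons this JWT would be rejected (empty = looks valid).
def jwt_problems(jwt, public_key, app_id, now: Time.now.to_i)
  head64, body64, sig64 = jwt.split(".")
  return ["not a three-part JWT"] unless sig64
  header = JSON.parse(Base64.urlsafe_decode64(head64))
  claims = JSON.parse(Base64.urlsafe_decode64(body64))
  signature = Base64.urlsafe_decode64(sig64)
  problems = []
  problems << "alg is not RS256" unless header["alg"] == "RS256"
  unless public_key.verify(OpenSSL::Digest.new("SHA256"), signature, "#{head64}.#{body64}")
    problems << "signature does not match the app's key"
  end
  problems << "iss is not the app id" unless claims["iss"].to_s == app_id.to_s
  problems << "iat is in the future (clock drift)" if claims["iat"].to_i > now
  problems << "token already expired" if claims["exp"].to_i <= now
  problems << "exp is more than 10 minutes ahead" if claims["exp"].to_i > now + MAX_LIFETIME
  problems
rescue ArgumentError, JSON::ParserError
  ["JWT segments are not valid base64url JSON"]
end

# Constructed sample values: a throwaway key and app id, not taken from the thread.
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_APP_ID = 12345
```

A JWT that passes these checks is sent as `Authorization: Bearer <jwt>`, which is a different scheme from the `Authorization: token <...>` header described in the issue body.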
What happened?
I've been trying to get Octokit client to auth with an OAuth access token on behalf of my GitHub App, but have found that although the same call to
https://api.github.com/orgs/my_org/repos
succeeds using curl and postman it fails with a 401 Bad Credentials with Octokit.
octoclient = Octokit::Client.new(:access_token => token)
repos = octoclient.org_repos("my_org")
In order to debug I used Charles proxy to inspect the traffic and noticed that while postman and curl make the call with the header
Authorization: <my_access_token>
Octokit is sending the header
Authorization: token <my_access_token>
So far I have not seen any other inconsistency in the call so I believe this might be what's causing the client calls to 401.
For further reference, I'm running version 6.1.1 of the client and not the latest because my application relies on dependabot-common whose latest version doesn't support >=7.0
Versions
6.1.1
Relevant log output
No response