This repository was archived by the owner on Jun 30, 2023. It is now read-only.

401 - A JSON web token could not be decoded when following App example #19

Open
@hanysf

Expected Behavior

I am following the example of using GitHub APIs in a GitHub app. This page links to another page showing how to set up the development environment to do this.
I followed the instructions on that page, with one difference: for testing, I kept the contents of the pem file in the code, Base64-encoded. The code then proceeds to decode that string to get the actual content of the pem file, and uses that to construct the PRIVATE_KEY. So, it looks like this:

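  require 'base64'
  require 'openssl'
  PRIVATE_KEY_ENCODED = "some long string"
  # Decode the Base64 string, then turn any literal \n sequences into real newlines
  PRIVATE_KEY_DECODED = (Base64.decode64(PRIVATE_KEY_ENCODED)).gsub('\n', "\n")
  PRIVATE_KEY = OpenSSL::PKey::RSA.new(PRIVATE_KEY_DECODED)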

Actual Behavior

When I install the GitHub app in a new organization, I get the following error:
POST https://api.github.com/app/installations/27776345/access_tokens: 401 - A JSON web token could not be decoded // See: https://docs.github.com/rest (Octokit::Unauthorized).

This error occurs when the code tries to get the token of a specific installation:
@installation_token = @app_client.create_app_installation_access_token(@installation_id)[:token]

Steps to Reproduce

Follow instructions in https://docs.github.com/en/developers/apps/getting-started-with-apps/setting-up-your-development-environment-to-create-a-github-app.

Context

In testing the code, in a Ruby console, I ran the template_server.rb file and placed a binding.pry right before the error is thrown.
I did the following:

# This is taken from https://github.com/github-developer/github-app-template/blob/master/template_server.rb#L94

payload = {
  # The time that this JWT was issued, _i.e._ now.
  iat: Time.now.to_i,

  # JWT expiration time (10 minute maximum)
  exp: Time.now.to_i + (10 * 60),

  # Your GitHub App's identifier number
  iss: APP_IDENTIFIER
}

# Calculate a jwt
jwt = JWT.encode(payload, PRIVATE_KEY, 'RS256')

# display the installation id
@installation_id

Then I ran the following cURL command in a command line.

curl -i -X POST \
  -H "Authorization: Bearer " \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/app/installations/<@installation_id>/access_tokens

I received a valid response that did include a token. So, it doesn't seem that the problem is in the code itself, but that for some reason the Octokit::Client is not doing the right thing in calling the intended API.
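
A local self-check for the two steps this report depends on, loading the key from a Base64-encoded PEM and producing an RS256 JWT with the `iat`/`exp`/`iss` claims, added here as an example and not taken from the template, the jwt gem or Octokit. The function names `load_key`, `app_jwt` and `check_jwt` are hypothetical, and RS256 is implemented with the Ruby standard library rather than the jwt gem.

```ruby
require 'openssl'
require 'json'

# Base64url helpers built on pack/unpack, so only the standard library is needed.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  str.tr('-_', '+/').unpack1('m')
end

# Load an RSA key from a Base64-encoded PEM string, as the report does.
def load_key(pem_b64)
  OpenSSL::PKey::RSA.new(pem_b64.unpack1('m'))
end

# Build an RS256 JWT carrying the same three claims as the payload above.
def app_jwt(key, app_id, now = Time.now.to_i)
  header = b64url(JSON.generate({ alg: 'RS256', typ: 'JWT' }))
  claims = b64url(JSON.generate({ iat: now, exp: now + (10 * 60), iss: app_id }))
  signature = key.sign(OpenSSL::Digest.new('SHA256'), "#{header}.#{claims}")
  "#{header}.#{claims}.#{b64url(signature)}"
end

# Return the problems found in a token; an empty array means every check passed.
def check_jwt(token, key, now = Time.now.to_i)
  parts = token.to_s.split('.')
  return ['token does not have three dot-separated segments'] unless parts.length == 3

  header, claims = parts[0, 2].map { |segment| JSON.parse(b64url_decode(segment)) }
  signed = key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(parts[2]), parts[0, 2].join('.'))
  iat = claims['iat'].to_i
  exp = claims['exp'].to_i
  problems = []
  problems << 'alg is not RS256' unless header['alg'] == 'RS256'
  problems << 'signature does not verify' unless signed
  problems << 'iat is in the future' if iat > now
  problems << 'exp is in the past' if exp <= now
  problems << 'exp is more than 10 minutes after iat' if exp - iat > 10 * 60
  problems << 'iss is missing' if claims['iss'].nil?
  problems
rescue JSON::ParserError, TypeError
  ['a segment is not Base64url-encoded JSON']
end
```

Running `check_jwt` on the exact string placed in the `Authorization` header, with the key returned by `load_key`, separates a malformed or empty token from one that is well formed and correctly signed.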
