Skip to content

Commit 898a9d7

Browse files
datodato
committed
Use AppBearerTokenAuth in login_as_app_installation
Previously, this method used an Authorization header via `headers` parameter, instead of an AuthBase instance via `auth` parameter. But the requests library has this behavior where it will strip the Authorization header on redirects, and then pick up fresh credentials from other sources (~/.netrc in particular, if present). Any AuthBase object, though, is still attached to the request, so this makes for an incredibly difficult issue to debug: all of github3.py uses AuthBase to authenticate, except login_as_app_installation. The latter thus being the only place in which the issue can manifest, when ~/.netrc has an entry for api.github.com. By using AppBearerTokenAuth, this can no longer happen.
1 parent 3587d2f commit 898a9d7

File tree

2 files changed

+8
-4
lines changed

2 files changed

+8
-4
lines changed

AUTHORS.rst

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -200,3 +200,5 @@ Contributors
200200
- Andrew Hayworth (@ahayworth)
201201

202202
- Dmitry Kiselev (@dmitrykiselev27)
203+
204+
- Adeodato Simó (@dato)

src/github3/github.py

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
from . import pulls
2323
from .repos import repo
2424
from . import search
25+
from . import session
2526
from . import structs
2627
from . import users
2728
from . import utils
@@ -1399,14 +1400,15 @@ def login_as_app_installation(
13991400
# NOTE(sigmavirus24): This JWT token does not need to last very long.
14001401
# Instead of allowing it to stick around for 10 minutes, let's limit
14011402
# it to 30 seconds.
1402-
headers = apps.create_jwt_headers(
1403-
private_key_pem, app_id, expire_in=30
1404-
)
1403+
jwt_token = apps.create_token(private_key_pem, app_id, expire_in=30)
1404+
bearer_auth = session.AppBearerTokenAuth(jwt_token, 30)
14051405
url = self._build_url(
14061406
"app", "installations", str(installation_id), "access_tokens"
14071407
)
14081408
with self.session.no_auth():
1409-
response = self.session.post(url, headers=headers)
1409+
response = self.session.post(
1410+
url, auth=bearer_auth, headers=apps.APP_PREVIEW_HEADERS
1411+
)
14101412
json = self._json(response, 201)
14111413

14121414
self.session.app_installation_token_auth(json)

0 commit comments

Comments
 (0)