Complete flow for authenticating as a GitHub App

swinton · swinton · commit 7d6a2108c812 · 2018-02-24T17:27:10.000-06:00
/via https://developer.github.com/apps/building-github-apps/authentication-options-for-github-apps/#authenticating-as-a-github-app
diff --git a/auth.py b/auth.py
@@ -1,25 +1,17 @@
 #!/usr/bin/env python
 # -*- coding: utf8 -*-
 
-import os
-import time
-
 import requests
-import jwt
 
+import jsonwebtoken
 
-# Generate the JWT
-payload = {
-  # issued at time
-  'iat': int(time.time()),
-  # JWT expiration time (10 minute maximum)
-  'exp': int(time.time()) + (10 * 60),
-  # GitHub App's identifier
-  'iss': os.environ['APP_ID']
-}
 
-with open(os.environ['PRIVATE_KEY_FILE']) as fp:
-    private_key = fp.read()
-encoded = jwt.encode(payload, private_key, algorithm='RS256')
+class JWTAuth(requests.auth.AuthBase):
+     def __call__(self, r):
+        r.headers['Authorization'] = 'bearer {}'.format(jsonwebtoken.generate())
+        return r
 
-print "&#128075;", encoded
+response = requests.get('https://api.github.com/app',
+    auth=JWTAuth(),
+    headers=dict(accept='application/vnd.github.machine-man-preview+json'))
+print(response.json())
diff --git a/jsonwebtoken.py b/jsonwebtoken.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf8 -*-
+
+import os
+import time
+
+import jwt
+
+
+def generate():
+    # Generate the JWT
+    payload = {
+      # issued at time
+      'iat': int(time.time()),
+      # JWT expiration time (10 minute maximum)
+      'exp': int(time.time()) + (10 * 60),
+      # GitHub App's identifier
+      'iss': os.environ['APP_ID']
+    }
+
+    with open(os.environ['PRIVATE_KEY_FILE']) as fp:
+        private_pem = fp.read()
+
+    jwt_token = jwt.encode(payload, private_pem, algorithm='RS256')
+
+    return jwt_token.decode('utf-8')
+
+
+if __name__ == '__main__':
+    print(generate())
