
Docs should describe GitHub app authentication flow


This might be a duplicate of #107, but I thought I’d post anyway, since gidgethub has been mostly intuitive to me, except for app authentication. I did see this comment, so, apologies in advance if this just isn’t something you want to do.

Scenario: I’m making a bot for Spack, to ping maintainers about their packages. A user followed GitHub’s tutorial and made a prototype bot in Ruby, but we’re a Python project, and I wanted to make it easy for contributors to hack the bot in Python. I started with octomachinery, as it eliminates a fair bit of the boilerplate, but it is surprisingly (for a Python project) GPL3, so we cannot use it in Spack. I figured I’d just implement the auth myself since octomachinery uses gidgethub for much of the heavy lifting anyway.

Long story short, it took me a while to understand how to put everything in the GitHub guide together on the Python side. I had to:

  1. Figure out that most of what I wanted was in gidgethub.apps
  2. Map those steps back to GitHub’s guide
  3. Verify that everything the GitHub examples do is also done in GidgetHub (e.g., that webhooks were verified as part of creating an Event).

I could not find resources that told me I had to make a JWT token and use that to get an installation access token based on each request. @Mariatta’s excellent bot tutorial seems to get OAuth tokens directly from the environment, instead of doing the JWT -> installation access token dance, as do the Bedevere and Miss Islington examples.

Maybe I am missing something about those, but it seems like the docs should have an example of how to use the GitHub app authentication flow, as I think most new bots will want to do this.

Anyway, thanks for Gidgethub!

Issue Analytics

  • State: open
  • Created 2 years ago
  • Comments: 7 (3 by maintainers)

Top GitHub Comments

1 reaction
brettcannon commented, Apr 12, 2021

@lecovi if you’re talking about docs in general then please feel free to open new issues on any specific topic you want to consider writing docs for and we can take it from there!

1 reaction
Mariatta commented, Apr 5, 2021

Thanks for taking my tutorial! I do have an updated tutorial that walks you through creating a GitHub App at https://github-app-tutorial.readthedocs.io/. The authentication flow that uses an app installation access token is described on this page: https://github-app-tutorial.readthedocs.io/en/latest/responding-to-webhook.html

> gidgethub has been mostly intuitive to me, except for app authentication.

Do you have suggestions on how to improve the GitHub Apps part of the doc? Personally I think I know “too much” on how this works, so I may not know what would be helpful to the newcomers.

> Verify that everything the GitHub examples do is also done in GidgetHub (e.g., that webhooks were verified as part of creating an Event).

This might be a blind spot for me. The fact that gidgethub takes care of webhook secret verification is one of the reasons I’m using the library, but I realize that new users may not realize this. I would appreciate suggestions on how the doc can be improved.

I also saw other projects like flit have a section about “Why use Flit” which explains the benefits of the library over other approaches. Perhaps we could add something like it to gidgethub. Or perhaps the Motivation section can be further expanded. I think this particular section hasn’t been updated much since the start, and we have lots of new features now.
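
The flow discussed in this thread (verified webhook, then app JWT, then installation access token), sketched as an added example that is not code from the issue, the commenters, or gidgethub's documentation. `handle_delivery`, the `example-bot` requester name, the secret and the sample payload are assumptions made for illustration; the gidgethub calls are `sansio.Event.from_http` and `apps.get_installation_access_token`.

```python
import hashlib
import hmac

# Constructed sample values; a real bot reads its secret from the environment.
WEBHOOK_SECRET = "constructed-webhook-secret"
SAMPLE_BODY = b'{"action": "opened", "installation": {"id": 12345}}'


def sign(secret: str, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256: HMAC-SHA256 over the raw body."""
    return "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()


def webhook_is_authentic(secret: str, body: bytes, header) -> bool:
    """Constant-time comparison; a missing header is treated as a failure."""
    return hmac.compare_digest(sign(secret, body).encode(), (header or "").encode())


async def handle_delivery(headers, body, *, secret, app_id, private_key, session):
    """Webhook -> verified Event -> installation token -> authenticated client."""
    # Imported here so the stdlib helpers above can be used without gidgethub.
    from gidgethub import apps, sansio
    from gidgethub.aiohttp import GitHubAPI

    # With secret= set, from_http() checks the delivery signature and raises
    # gidgethub.ValidationFailure on a mismatch, so no separate check is needed.
    event = sansio.Event.from_http(headers, body, secret=secret)
    installation_id = event.data["installation"]["id"]

    # Client without a token: only used to exchange the app JWT.
    gh = GitHubAPI(session, "example-bot")
    # Signs a short-lived JWT with the app's private key and posts it to
    # /app/installations/{installation_id}/access_tokens.
    token = await apps.get_installation_access_token(
        gh,
        installation_id=installation_id,
        app_id=app_id,
        private_key=private_key,
    )
    # token["expires_at"] says when to request a new one; cache until then.
    return event, GitHubAPI(session, "example-bot", oauth_token=token["token"])
```

`webhook_is_authentic` is only there to show what the signature check amounts to; in the gidgethub path the `secret=` argument to `from_http` performs it.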
