github-app-token: Generate an installation access token for a GitHub App

[ http, library, mit ] [ Propose Tags ] [ Report a vulnerability ]
Versions [RSS] 0.0.0.1, 0.0.1.1, 0.0.1.2, 0.0.2.0, 0.0.3.0
Change log CHANGELOG.md
Dependencies aeson (>=2.0.3.0), base (>=4.16.4.0 && <5), bytestring (>=0.11.4.0), http-conduit (>=2.3.8.1), http-types (>=0.12.3), jwt (>=0.11.0), monoidal-containers (>=0.6.4.0), path (>=0.9.2), semigroups (>=0.20), text (>=1.2.5.0), time (>=1.11.1.1), unliftio (>=0.2.25.0) [details]
License MIT
Author
Maintainer Freckle Education
Category HTTP
Home page https://github.com/freckle/github-app-token#readme
Bug tracker https://github.com/freckle/github-app-token/issues
Source repo head: git clone https://github.com/freckle/github-app-token
Uploaded by PatrickBrisbin at 2024-09-26T19:44:55Z
Distributions NixOS:0.0.3.0
Downloads 103 total (20 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs available [build log]
Last success reported on 2024-09-26 [all 1 reports]

Readme for github-app-token-0.0.3.0

[back to package description]

GitHub App Token

Hackage Stackage Nightly Stackage LTS CI

Generate an installation access token for a GitHub App

Getting an AccessToken

import Prelude

import Data.Aeson (FromJSON)
import Data.ByteString.Char8 qualified as BS8
import Data.Text (Text)
import Data.Text.Encoding (encodeUtf8)
import GHC.Generics (Generic)
import GitHub.App.Token
import Network.HTTP.Simple
import Network.HTTP.Types.Header (hAuthorization, hUserAgent)
import System.Environment

getAppToken :: IO AccessToken
getAppToken = do
  appId <- AppId . read <$> getEnv "GITHUB_APP_ID"
  privateKey <- PrivateKey . BS8.pack <$> getEnv "GITHUB_PRIVATE_KEY"
  installationId <- InstallationId . read <$> getEnv "GITHUB_INSTALLATION_ID"

  let creds = AppCredentials {appId, privateKey}
  generateInstallationToken creds installationId

Using an AccessToken

data Repo = Repo
  { name :: Text
  , description :: Text
  }
  deriving stock (Eq, Show, Generic)
  deriving anyclass FromJSON

getRepo :: AccessToken -> String -> IO Repo
getRepo token name = do
  req <- parseRequest $ "https://api.github.com/repos/" <> name
  resp <- httpJSON
    $ addRequestHeader hAuthorization ("Bearer " <> encodeUtf8 token.token)
    $ addRequestHeader hUserAgent "github-app-token/example"
    $ req

  pure $ getResponseBody resp

Getting a Scoped AccessToken

By default, a token is created with repositories access and permissions as defined in the installation configuration. Either of these can be changed by using generateInstallationTokenScoped:

getScopedAppToken :: IO AccessToken
getScopedAppToken = do
  appId <- AppId . read <$> getEnv "GITHUB_APP_ID"
  privateKey <- PrivateKey . BS8.pack <$> getEnv "GITHUB_PRIVATE_KEY"
  installationId <- InstallationId . read <$> getEnv "GITHUB_INSTALLATION_ID"

  let
    creds = AppCredentials {appId, privateKey}
    create = mempty
      { repositories = ["freckle/github-app-token"]
      , permissions = contents Read
      }

  generateInstallationTokenScoped create creds installationId

Getting an AccessToken for an Owner

getOwnerAppToken :: IO AccessToken
getOwnerAppToken = do
  appId <- AppId . read <$> getEnv "GITHUB_APP_ID"
  privateKey <- PrivateKey . BS8.pack <$> getEnv "GITHUB_PRIVATE_KEY"

  let creds = AppCredentials {appId, privateKey}
  generateOwnerToken creds $ Org "freckle"

Getting a Self-Refreshing AccessToken

Installation tokens are good for one hour, after which point using them will respond with 401 Unauthorized. To avoid this, you can use the GitHub.App.Token.Refresh module to maintain a background thread that refreshes the token as necessary:

getRepos :: [String] -> IO [Repo]
getRepos names = do
  ref <- refreshing getAppToken

  repos <- for names $ \name -> do
    token <- getRefresh ref
    getRepo token name

  cancelRefresh ref
  pure repos

CHANGELOG | LICENSE