[jira] [Commented] (NIFI-13231) Update GitHubFlowRegistryClient to generate App Installation Token

Fri, 24 May 2024 07:15:25 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-13231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849309#comment-17849309
 ] 

David Handermann commented on NIFI-13231:
-----------------------------------------

Thanks [~vanshchaudhary]. If you have any questions during the implementation, 
feel free to raise here, otherwise I can review the pull request when you have 
it ready.

The GitHub API library includes a 
[JWTTokenProvider|https://github.com/hub4j/github-api/blob/main/src/main/java/org/kohsuke/github/extras/authorization/JWTTokenProvider.java]
 that handles the process of generating a JWT from an Application ID and 
Private Key, so that should be helpful. As documented in that class, it does 
not perform any kind of caching, but it does incorporate time-based validity 
checking, so it should be possible to create an use an instance of the class in 
the GitHub Flow Registry Client.

> Update GitHubFlowRegistryClient to generate App Installation Token
> ------------------------------------------------------------------
>
>                 Key: NIFI-13231
>                 URL: https://issues.apache.org/jira/browse/NIFI-13231
>             Project: Apache NiFi
>          Issue Type: Improvement
>    Affects Versions: 2.0.0-M3
>            Reporter: Brian Ghigiarelli
>            Assignee: Vansh Chaudhary
>            Priority: Major
>
> The new GitHubFlowRegistryClient accepts two types of authentication:
>  # Personal Access Token
>  # App Installation Token
> The App Installation Token requires the user to input the token as a 
> property, then uses that to communicate with GitHub. However, this token is 
> short-lived and would require frequent updates (~hourly).
> Instead of directly providing the token, the GitHubFlowRegistryClient should 
> accept as properties:
>  # App ID
>  # Private Key (PEM text format)
> and use these values to generate a short-lived token, following the guide at 
> https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-json-web-token-jwt-for-a-github-app#generating-a-json-web-token-jwt



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to