Question about Github API Authentication

Hello, 

I'm working on a dataProviderModule to retrieve data from an external source (via Github API calls). I am authenticating my API calls as coming from a Github App authentication, and have tested it with a local application I created and have gotten valid responses. In trying to replicate it on a dataProviderModule, I've come up with consistent `401` errors. 

Is there anything that I may be missing when it comes to making external API calls with Compass apps (like the dataProviderModule) that I need to be considering? Or any examples I can be trying to follow when it comes to getting data from external sources within a Compass app?

1 answer

Did you maybe forget to add your authentication provider to your dataProvider function in the manifest?

I didn't work on a compass:dataProvider module yet, but this is how it looks for a panel.

Screen Shot 2022-08-30 at 12.58.19 pm.png

That's interesting. Do you know where I could find the documentation for this?

And with your approach, did you then just authenticate the API request like you normally would (through questmate) within the function body?

In our case, the API authentication is based on tokens acquired through OAuth2, just like Github. The documentation for that lives here: https://developer.atlassian.com/platform/forge/runtime-reference/external-fetch-api/

Edit: Actually, the best place to look for an example is: https://developer.atlassian.com/platform/forge/manifest-reference/providers/#authentication

I also just remembered setting this up with Github in the past, so it definitely should work. If you have problems though let me know, and I can quickly jump on a Zoom call and help you out.


I never found any of this documentation. Thanks. I'll give this a go and get back to this thread.


Hi @John Medina @Sascha Reuter, as far as I know, the externalAuthentication Forge module only supports 3LO authentication flows currently (e.g. with user context). GitHub Apps by nature act on their own behalf (2LO) and don't use user-based authentication, so I'm not sure they would work with the Forge authentication module.

For the Compass Github app we developed in house, we're using a Github App and the following guide explains the authentication steps: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app

In short, the GitHub App has a private key, and our Forge app uses that key to sign a JWT to communicate with the GitHub app. We also need to use the installation_id returned from the installation flow to generate an Installation Access Token, or IAT, which the Forge app can use to communicate with a specific GitHub app installation and get information from the connected Github org, repos, etc. If you're getting a 401 response, it might be that you're using the wrong token for the API call you're making (like using the JWT to get installation-specific information). It's hard to say without seeing the code.

GitHub App setup is a complicated process, to say the least. If you want to use the built-in Forge module, another option is to create an OAuth app on the GitHub side instead, which acts on behalf of a user. You can read more on the differences here: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps. There are some marked differences, since the app will be acting as a user and will be limited to the scopes the user has. But it's probably simpler to set up :)

Hopefully this helps, and if not, happy to discuss more about our implementation and how we decided between using a Github App or an Oauth App.

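The two-step flow described in the reply above (sign a JWT with the GitHub App's private key, then exchange it for an installation access token), as an added Node.js example that is not code from this thread or from Atlassian's Compass GitHub app. The helper names, app ID, installation ID and key are constructed for illustration, and the `ghs_` check assumes GitHub's documented prefix for installation tokens.

```javascript
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');

// App JWT: RS256, iss = GitHub App ID; GitHub caps exp at 10 minutes ahead.
function createAppJwt(appId, privateKeyPem, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  // iat is backdated 60 s to tolerate clock drift.
  const claims = b64url(JSON.stringify({ iat: now - 60, exp: now + 540, iss: appId }));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${header}.${claims}`), privateKeyPem);
  return `${header}.${claims}.${sig.toString('base64url')}`;
}

// Step 1: exchange the JWT for an installation access token (IAT).
// The response body carries the IAT in `token`, together with `expires_at`.
function installationTokenRequest(installationId, appJwt) {
  // Refuse an undefined or non-numeric id instead of interpolating it into the URL.
  if (!Number.isInteger(installationId)) throw new Error('installation_id missing or not an integer');
  return {
    method: 'POST',
    url: `https://api.github.com/app/installations/${installationId}/access_tokens`,
    headers: { Authorization: `Bearer ${appJwt}`, Accept: 'application/vnd.github+json' },
  };
}

// Classify a credential: IATs start with "ghs_", a JWT has three dot-separated parts.
function tokenKind(token) {
  if (typeof token !== 'string' || token === '') return 'missing';
  if (token.startsWith('ghs_')) return 'installation';
  return token.split('.').length === 3 ? 'app-jwt' : 'unknown';
}

// Step 2: /app endpoints take the JWT; org and repo data take the IAT.
function apiRequest(path, token) {
  const needed = path === '/app' || path.startsWith('/app/') ? 'app-jwt' : 'installation';
  const got = tokenKind(token);
  // Catch the token mix-up locally, before it turns into a 401 from the API.
  if (got !== needed) throw new Error(`${path} needs a ${needed} token, got ${got}`);
  return { method: 'GET', url: `https://api.github.com${path}`,
           headers: { Authorization: `Bearer ${token}`, Accept: 'application/vnd.github+json' } };
}

function demo() {
  // Constructed throwaway key standing in for the GitHub App's private key.
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwt = createAppJwt(12345, privateKey.export({ type: 'pkcs8', format: 'pem' }));
  const [h, c, s] = jwt.split('.');
  const valid = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, 'base64url'));
  return { jwt, valid, exchange: installationTokenRequest(678, jwt) };
}
```

The request objects can be passed to whatever fetch wrapper the runtime provides; logging `tokenKind(token)` just before each call shows whether the credential is missing or of the wrong type for that endpoint.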

Hi @Henry Olson, I have attempted to follow the documentation you've sent above.

I am still however running into various issues (namely `undefined installation tokens` and `JSON Webtokens unable to be decoded`) with my Compass app implementation.

I have recreated the same methods I'm using to authenticate my API calls in a local Node.js app, and each approach works just fine.

It would be great if we could have a discussion to help figure out what I may be missing when it comes to authenticating a Github App installation in Compass.
