You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I'm working on a dataProviderModule to retrieve data from an external source (via Github API calls). I am authenticating my API calls as coming from a Github App authentication, and have tested it with a local application I created and have gotten valid responses. In trying to replicate it on a dataProviderModule, I've come up with consistent `401` errors.
Is there anything that I may be missing when it comes to making external API calls with Compass apps (like the dataProviderModule) that I need to be considering? Or any examples I can be trying to follow when it comes to getting data from external sources within a Compass app?
In our case, the API authentication is based on tokens acquired through OAuth2, just like Github. The documentation for that lives here: https://developer.atlassian.com/platform/forge/runtime-reference/external-fetch-api/
Edit: Actually, the best place to look for an example is: https://developer.atlassian.com/platform/forge/manifest-reference/providers/#authentication
I also just remembered setting this up with Github in the past, so it definitely should work. If you have problems though let me know, and I can quickly jump on a Zoom call and help you out.
Hi @John Medina @Sascha Reuter , as far as I know, the externalAuthentication Forge module only supports 3LO authentication flows currently (e.g. with user context). Github Apps by nature act on their own behalf (2LO) and don't use user-based authentication, so I'm not sure they would work with the forge authentication module.
For the Compass Github app we developed in house, we're using a Github App and the following guide explains the authentication steps: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app
In short, the GitHub App has a private key, and our Forge app uses that key to sign a JWT to communicate with the GitHub app. We also need to use the installation_id returned from the installation flow to generate an Installation Access Token, or IAT, which the Forge app can use to communicate with a specific GitHub app installation and get information from the connected Github org, repos, etc. If you're getting a 401 response, it might be that you're using the wrong token for the API call you're making (like using the JWT to get installation-specific information). It's hard to say without seeing the code.
Github App setup is a complicated process to say the least. If you want to use the built in Forge module, another option is to create an Oauth app on the Github side instead, which acts on behalf of a user. You can read more on the differences here: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps. There are some marked differences, since the app will be acting as a user and will be limited to the scopes the user has. But it's probably simpler to set up :)
Hopefully this helps, and if not, happy to discuss more about our implementation and how we decided between using a Github App or an Oauth App.
Hi @Henry Olson , I have attempted to follow the documentation you've sent above.
I am still however running into various issues (namely `undefined installation tokens` and `JSON Webtokens unable to be decoded`) with my Compass app implementation.
I have recreated the same methods I'm using to authenticate my API calls in a local node.js app, and each approach work just fine.
It would be great if we could have a discussion to help figure out what I may be missing when it comes to authenticating a Github App installation in Compass.