Question about Github API Authentication

John Medina August 30, 2022

Hello, 

I'm working on a dataProviderModule to retrieve data from an external source (via Github API calls). I am authenticating my API calls as coming from a Github App authentication, and have tested it with a local application I created and have gotten valid responses. In trying to replicate it on a dataProviderModule, I've come up with consistent `401` errors. 

Is there anything that I may be missing when it comes to making external API calls with Compass apps (like the dataProviderModule) that I need to be considering? Or any examples I can be trying to follow when it comes to getting data from external sources within a Compass app?

1 answer

0 votes
Sascha Reuter August 30, 2022

Did you maybe forget to add your authentication provider to your dataProvider function in the manifest?

I didn't work on a compass:dataProvider module yet, but this is how it looks for a panel.

[Image: Screen Shot 2022-08-30 at 12.58.19 pm.png]

John Medina August 30, 2022

That's interesting. Do you know where I could find the documentation for this?

John Medina August 30, 2022

And with your approach, did you then just authenticate the API request like you normally would (through questmate) within the function body?

Sascha Reuter August 30, 2022

In our case, the API authentication is based on tokens acquired through OAuth2, just like Github. The documentation for that lives here: https://developer.atlassian.com/platform/forge/runtime-reference/external-fetch-api/

Edit: Actually, the best place to look for an example is: https://developer.atlassian.com/platform/forge/manifest-reference/providers/#authentication

I also just remembered setting this up with Github in the past, so it definitely should work. If you have problems though let me know, and I can quickly jump on a Zoom call and help you out.

John Medina August 30, 2022

I never found any of this documentation. Thanks. I'll give this a go and get back to this thread.

Henry Olson
Atlassian Team
August 30, 2022

Hi @John Medina @Sascha Reuter, as far as I know, the externalAuthentication Forge module only supports 3LO authentication flows currently (e.g. with user context). Github Apps by nature act on their own behalf (2LO) and don't use user-based authentication, so I'm not sure they would work with the forge authentication module.

For the Compass Github app we developed in house, we're using a Github App and the following guide explains the authentication steps: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-a-github-app

In short, the GitHub App has a private key, and our Forge app uses that key to sign a JWT to communicate with the GitHub app. We also need to use the installation_id returned from the installation flow to generate an Installation Access Token, or IAT, which the Forge app can use to communicate with a specific GitHub app installation and get information from the connected Github org, repos, etc. If you're getting a 401 response, it might be that you're using the wrong token for the API call you're making (like using the JWT to get installation-specific information). It's hard to say without seeing the code.

Github App setup is a complicated process to say the least. If you want to use the built-in Forge module, another option is to create an Oauth app on the Github side instead, which acts on behalf of a user. You can read more on the differences here: https://docs.github.com/en/developers/apps/getting-started-with-apps/differences-between-github-apps-and-oauth-apps. There are some marked differences, since the app will be acting as a user and will be limited to the scopes the user has. But it's probably simpler to set up :)

Hopefully this helps, and if not, happy to discuss more about our implementation and how we decided between using a Github App or an Oauth App.

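The two-token flow described in the answer above, as an added Node.js example that is not part of the thread and is not the code of Atlassian's Compass GitHub app. It builds the app JWT, checks locally that it decodes and verifies, and shows which token goes on which request; the helper names are hypothetical, and the key pair, app id, installation id and token value are constructed so it runs offline.

```javascript
// Added example (not from the thread). Runs offline: requests are built, never sent.
const crypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');
// Step 1: app-level JWT, signed RS256 with the GitHub App's private key.
function createAppJwt(appId, privateKeyPem, nowSec = Math.floor(Date.now() / 1000)) {
  // Issued-at is backdated 60 s for clock drift; expiry may be at most 10 minutes ahead.
  const claims = { iat: nowSec - 60, exp: nowSec + 540, iss: appId };
  const input = `${b64url('{"alg":"RS256","typ":"JWT"}')}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.createSign('RSA-SHA256').update(input).sign(privateKeyPem);
  return `${input}.${b64url(sig)}`;
}

// Local sanity check: the JWT must decode and verify against the matching public key.
function verifyAppJwt(jwt, publicKeyPem) {
  const [h, p, s] = jwt.split('.');
  const ok = crypto.createVerify('RSA-SHA256').update(`${h}.${p}`)
    .verify(publicKeyPem, Buffer.from(s, 'base64url'));
  return { ok, claims: JSON.parse(Buffer.from(p, 'base64url').toString('utf8')) };
}

// Step 2: the JWT authenticates only the exchange for an installation access token.
function installationTokenRequest(jwt, installationId) {
  return { method: 'POST',
    url: `https://api.github.com/app/installations/${installationId}/access_tokens`,
    headers: { Authorization: `Bearer ${jwt}`, Accept: 'application/vnd.github+json' } };
}

// The response carries the token in `token`; fail here rather than send "Bearer undefined".
function readInstallationToken(body) {
  if (!body || typeof body.token !== 'string') throw new Error('no installation token in response');
  return body.token;
}

// Step 3: installation-specific calls use the installation access token, never the JWT.
function installationApiRequest(installationToken, path) {
  return { method: 'GET', url: `https://api.github.com${path}`,
    headers: { Authorization: `Bearer ${installationToken}`, Accept: 'application/vnd.github+json' } };
}

// Constructed sample data: throwaway key pair, made-up app id, installation id and token.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const jwt = createAppJwt(12345, privateKey, 1700000000);
  const exchange = installationTokenRequest(jwt, 67890);
  const installationToken = readInstallationToken({ token: 'ghs_constructedExampleToken' });
  return { check: verifyAppJwt(jwt, publicKey), exchange, api: installationApiRequest(installationToken, '/installation/repositories') };
}
```

Running `verifyAppJwt` against the public half of the app's key separates a signing or key-format problem from a wrong-token problem before any request leaves the app.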
John Medina September 12, 2022

Hi @Henry Olson, I have attempted to follow the documentation you've sent above.

I am still however running into various issues (namely `undefined installation tokens` and `JSON Webtokens unable to be decoded`) with my Compass app implementation.

I have recreated the same methods I'm using to authenticate my API calls in a local node.js app, and each approach works just fine.

It would be great if we could have a discussion to help figure out what I may be missing when it comes to authenticating a Github App installation in Compass.
