Hallo I’m trying to figure out how to recivece a installation token from my GitHub App via PowerShell.
Generating JWT based on private PEM
Following code is used which is basically copied from the GitHub guide.
<code>function Generate-JWT-FromGithub
{
$client_id = <<APP_ID>>
$private_key_path = <<LOKAL_PATH_TO_MY_PEM_FILE>>
try {
$header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
alg = "RS256"
typ = "JWT"
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
iss = $client_id
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$rsa = [System.Security.Cryptography.RSA]::Create()
$rsa.ImportFromPem((Get-Content $private_key_path -Raw))
$signature = [Convert]::ToBase64String($rsa.SignData([System.Text.Encoding]::UTF8.GetBytes("$header.$payload"), [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
$jwt = "$header.$payload.$signature"
return $jwt
}
catch {
Handle-Error $_.Exception.Message
}
}
</code>
<code>function Generate-JWT-FromGithub
{
$client_id = <<APP_ID>>
$private_key_path = <<LOKAL_PATH_TO_MY_PEM_FILE>>
try {
$header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
alg = "RS256"
typ = "JWT"
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
iss = $client_id
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$rsa = [System.Security.Cryptography.RSA]::Create()
$rsa.ImportFromPem((Get-Content $private_key_path -Raw))
$signature = [Convert]::ToBase64String($rsa.SignData([System.Text.Encoding]::UTF8.GetBytes("$header.$payload"), [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
$jwt = "$header.$payload.$signature"
return $jwt
}
catch {
Handle-Error $_.Exception.Message
}
}
</code>
function Generate-JWT-FromGithub
{
$client_id = <<APP_ID>>
$private_key_path = <<LOKAL_PATH_TO_MY_PEM_FILE>>
try {
$header = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
alg = "RS256"
typ = "JWT"
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$payload = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((ConvertTo-Json -InputObject @{
iat = [System.DateTimeOffset]::UtcNow.AddSeconds(-10).ToUnixTimeSeconds()
exp = [System.DateTimeOffset]::UtcNow.AddMinutes(10).ToUnixTimeSeconds()
iss = $client_id
}))).TrimEnd('=').Replace('+', '-').Replace('/', '_');
$rsa = [System.Security.Cryptography.RSA]::Create()
$rsa.ImportFromPem((Get-Content $private_key_path -Raw))
$signature = [Convert]::ToBase64String($rsa.SignData([System.Text.Encoding]::UTF8.GetBytes("$header.$payload"), [System.Security.Cryptography.HashAlgorithmName]::SHA256, [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
$jwt = "$header.$payload.$signature"
return $jwt
}
catch {
Handle-Error $_.Exception.Message
}
}
Get Installation Token from GitHub API
<code>function Get-InstallationToken {
param(
$JwtToken,
$InstallationId
)
$Headers = @{
Authorization = "Bearer $JwtToken"
Accept = "application/vnd.github.v3+json"
"X-GitHub-Api-Version" = "2022-11-28"
}
$Url = "https://api.github.com/app/installations/$InstallationId/access_tokens"
$Response = Invoke-RestMethod -Method Post -Uri $Url -Headers $Headers
return $Response.token
}
</code>
<code>function Get-InstallationToken {
param(
$JwtToken,
$InstallationId
)
$Headers = @{
Authorization = "Bearer $JwtToken"
Accept = "application/vnd.github.v3+json"
"X-GitHub-Api-Version" = "2022-11-28"
}
$Url = "https://api.github.com/app/installations/$InstallationId/access_tokens"
$Response = Invoke-RestMethod -Method Post -Uri $Url -Headers $Headers
return $Response.token
}
</code>
function Get-InstallationToken {
param(
$JwtToken,
$InstallationId
)
$Headers = @{
Authorization = "Bearer $JwtToken"
Accept = "application/vnd.github.v3+json"
"X-GitHub-Api-Version" = "2022-11-28"
}
$Url = "https://api.github.com/app/installations/$InstallationId/access_tokens"
$Response = Invoke-RestMethod -Method Post -Uri $Url -Headers $Headers
return $Response.token
}
Call in PowerShell 7
<code>$InstallationId = <<ID_FROM_MY_GITHUB_APP>>
$JwtToken = Generate-JWT-FromGithub
$InstallationToken = Get-InstallationToken -JwtToken $JwtToken -InstallationId $InstallationId
</code>
<code>$InstallationId = <<ID_FROM_MY_GITHUB_APP>>
$JwtToken = Generate-JWT-FromGithub
$InstallationToken = Get-InstallationToken -JwtToken $JwtToken -InstallationId $InstallationId
</code>
$InstallationId = <<ID_FROM_MY_GITHUB_APP>>
$JwtToken = Generate-JWT-FromGithub
$InstallationToken = Get-InstallationToken -JwtToken $JwtToken -InstallationId $InstallationId
Following issue I’m facing
Response status code does not indicate success: 401 (Unauthorized).
I made sure that the PEM file is valid. Also I checked twice the APP_ID and Installation ID.
Results all the time in “Response status code does not indicate success: 401 (Unauthorized).”
New contributor
groundhogday is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.