gidgethub / gidgethub

An async GitHub API library for Python

Home Page: https://gidgethub.readthedocs.io

Adding jwt caching in GitHubAPI, like oauth_token?

jonathansick opened this issue · comments

I want to implement a factory for creating GitHubAPI clients for my GitHub Apps that are authenticated for different roles. Already Gidgethub makes it easy to create a GitHubAPI that includes the OAuth token for a GitHub App's installation in a repo or org so that client doesn't need the oauth_token info repeated for each request.

I was thinking about doing the equivalent for a GitHub App's authentication as an app, which uses the jwt computed by gidgethub.apps.get_jwt. Doing this would involve:

  • Adding a jwt to the GitHubAPI constructor and making sure oauth_token wasn't also passed in.
  • Using the cached jwt in the request methods

Does this feature sound reasonable? The caveat is that the jwt has a short lifespan; I'm not sure if we'd need to provide a way to refresh the jwt and what that should look like. Should the GitHubAPI instance actually cache the private key and app id?

If you're interested I'd be happy to put together a PR. Thanks!

I think storing the app_id and private key would be useful, and perhaps make these optional or only if oauth token wasn't passed. So user should pass either oauth_token or the app_id and private_key combination.
With the app_id and private_key passed, the library should be able to:

  • if JWT is none, request a new one and store it
  • if there's JWT and it hasn't expired, use it
  • if there's JWT and it has expired, refresh it

If there's no app_id, no private_key, then it should fall back to needing oauth_token.

Such an addition will make it easier to work with GitHub Apps as a default going forward.

Thanks @Mariatta, I like the idea of managing the JWT if app_id and private_key are provided. I'll try implementing it and should have a PR soon 😄
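
The three-case JWT handling and the either/or credential rule discussed in this thread, sketched as an added example (not code from the thread or from gidgethub). `AppJWTCache`, `credential_source`, the 10-minute lifetime and the 60-second refresh margin are assumptions; `mint` stands in for a function such as `gidgethub.apps.get_jwt` called with `app_id` and `private_key` keywords.

```python
import time
from typing import Callable, Optional

JWT_LIFETIME = 10 * 60   # assumption: the minter issues 10-minute tokens
REFRESH_MARGIN = 60      # re-mint early so a token never expires in flight


class AppJWTCache:
    """Hypothetical helper: holds app_id/private_key, caches the JWT."""

    def __init__(self, app_id: str, private_key: str,
                 mint: Callable[..., str],
                 clock: Callable[[], float] = time.time) -> None:
        self._app_id, self._private_key = app_id, private_key
        self._mint, self._clock = mint, clock
        self._jwt: Optional[str] = None
        self._expires_at = 0.0

    def __repr__(self) -> str:
        # Keep the private key and the token out of logs and tracebacks.
        return f"AppJWTCache(app_id={self._app_id!r})"

    def token(self) -> str:
        now = self._clock()
        # No JWT yet, or expired / about to expire: mint and store a new one.
        if self._jwt is None or now >= self._expires_at - REFRESH_MARGIN:
            self._jwt = self._mint(app_id=self._app_id,
                                   private_key=self._private_key)
            self._expires_at = now + JWT_LIFETIME
        return self._jwt  # otherwise reuse the cached, still-valid JWT


def credential_source(*, mint: Callable[..., str],
                      oauth_token: Optional[str] = None,
                      app_id: Optional[str] = None,
                      private_key: Optional[str] = None,
                      clock: Callable[[], float] = time.time
                      ) -> Callable[[], str]:
    """Return a zero-argument callable yielding the current bearer token."""
    has_app = app_id is not None and private_key is not None
    if oauth_token is not None and (app_id is not None or private_key is not None):
        raise ValueError("pass oauth_token or app_id+private_key, not both")
    if oauth_token is not None:
        return lambda: oauth_token
    if not has_app:
        raise ValueError("need oauth_token, or both app_id and private_key")
    return AppJWTCache(app_id, private_key, mint, clock).token
```

The expiry is recorded from the clock reading taken before minting, so the cached deadline is never later than the token's real one.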