Adding jwt caching in GitHubAPI, like oauth_token?
jonathansick opened this issue · comments
I want to implement a factory for creating GitHubAPI
clients for my GitHub Apps that are authenticated for different roles. Already Gidgethub makes it easy to create a GitHubAPI
that includes the OAuth token for a GitHub App's installation in a repo or org so that client doesn't need the oauth_token
info repeated for each request.
I was thinking about doing the equivalent for a GitHub App's authentication as an app, which uses the jwt
computed by gidgethub.apps.get_jwt
. Doing this would involve:
- Adding a
jwt
to theGitHubAPI
constructor and making sureoauth_token
wasn't also passed in. - Using the cached
jwt
in the request methods
Does this feature sound reasonable? The caveat is that the jwt has a short lifespan; I'm not sure if we'd need provide a way refresh the jwt and what that should look like. Should the GitHubAPI instance actually cache the private key and app id??
If you're interested I'd be happy to put together a PR. Thanks!
I think storing the app_id
and private key
would be useful, and perhaps make these optional or only if oauth token wasn't passed. So user should pass either oauth_token or the app_id
and private_key
combination.
With the app_id
and private_key
passed, the library should be able to:
- if JWT is none, request a new one and store it
- if there's JWT and it hasn't expired, use it
- if there's JWT and it has expired, refresh it
If there's no app_id, no private_key, then it should fallback to needing oauth_token.
Such addition will make it easier for working with GitHub Apps as a default going forward.
Thanks @Mariatta, I like the idea of managing the JWT if app_id
and private_key
are provided. I'll try implementing it and should have a PR soon 😄