Skip to main content
GitHub Apps Authentication Guide

How to authenticate GitHub Apps with Tines

Daniel Stoeski avatar
Written by Daniel Stoeski
Updated over 2 months ago

GitHub, Inc. is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, continuous integration, and wikis for every project.

To authenticate with a GitHub Apps installation token, you will need the following:

  • "Client ID" of the GitHub App - Required to generate a JWT token to obtain an installation token.

  • "Private key" of the GitHub App - Required to generate a JWT token to obtain an installation token.

Firstly, create a GitHub App in GitHub

  1. Navigate to the GitHub Apps page: https://github.com/settings/apps

  2. Click "New GitHub App"

  3. Fill out "GitHub App name", "Homepage URL" and make a selection for where the GitHub App can be installed.

  4. Click "Create GitHub App"

  5. Click "General"

  6. Copy your "Client ID" to a text editor

  7. Click "Generate a private key" to download a private key


  8. Click "Permissions & events" and select the relevant permissions

  9. Click "Install App" and install it to the required account/organisation

Next, create resources and credentials in Tines

You will need to create the following:

  • Resources: "GitHub Org" / "GitHub Username", "GitHub Client ID"

  • Credentials:

    • Text type: "GitHub Private Key"

    • Multi Request type: "GitHub Installation Token"

Resources

  1. Login to your Tines tenant

  2. Navigate to the team that will be using the API and click "Resources"

  3. Click "+ New"

  4. Input the values for the GitHub resource

    • Name: GitHub Org / GitHub Username

    • Description: Optional

    • Builder: Your GitHub org/username

  5. Click "Save resource"

  6. Click "+ New"

  7. Input the values for the GitHub resource

    • Name: GitHub Client ID

    • Description: Optional

    • Builder: Your GitHub App's client ID

  8. Click "Save resource"

Credentials

  1. Navigate to the team that will be using the API and click "Credentials"

  2. Click "+ New" and select "Text"

  3. Input the values for the GitHub credential

    • Name: GitHub Private Key

    • Description: Optional

    • Value: Your GitHub private key

      • Ensure that "Preserve newline characters" is selected

  4. Click "Save"

  5. Click "+ New" and select "Multi Request"

  6. Input the values for the GitHub credential

    • Name: GitHub Installation Token

    • Description: Optional

  7. Under HTTP Request 1, click "<> Edit as JSON" and paste the following JSON:

    {
    "url": "https://api.github.com/orgs/<<RESOURCE.github_org>>/installation",
    "content_type": "application_json",
    "method": "get",
    "headers": {
    "Authorization": "Bearer <<JWT_SIGN(LOCAL,CREDENTIAL.github_private_key)>>"
    },
    "local": {
    "iat": "=NUMBER(DATE(\"60 seconds ago\",\"%s\"))",
    "exp": "=NUMBER(DATE(\"10 mins from now\", \"%s\"))",
    "iss": "=RESOURCE.github_client_id"
    },
    "customize_output": "=SET_KEY(\n OUTPUT,\n \"jwt\",\n JWT_SIGN(\n OBJECT(\n \"iat\",\n NUMBER(DATE(\n \"60 seconds ago\",\n \"%s\"\n )),\n \"exp\",\n NUMBER(DATE(\n \"10 mins from now\",\n \"%s\"\n )),\n \"iss\",\n RESOURCE.github_client_id\n ),\n CREDENTIAL.github_private_key\n )\n)"
    }

    • For an app installed in a user account, change the url to https://api.github.com/users/<<RESOURCE.github_username>>/installation

  8. Click "Done"

  9. Click "Save"

  10. Under HTTP Request 1, click "Run request" and confirm that the request is successful

  11. Under HTTP Request 2, click "<> Edit as JSON" and paste the following JSON:

    {
    "url": "<<PREVIOUS_STEP.github_installation_token.body.access_tokens_url>>",
    "content_type": "application_json",
    "method": "post",
    "payload": {},
    "headers": {
    "Authorization": "Bearer <<PREVIOUS_STEP.github_installation_token.jwt>>"
    }
    }

  12. Click "Done"

  13. Click "Save"

  14. Under HTTP Request 2, click "Run request" and confirm that the request is successful and double click on the key named token in the response.

  15. Location of token from response: Paste the value copied in the previous step, i.e. github_installation_token.body.token

  16. Click "Save"

Lastly, using the credential in an action

When you make an API request, include the Multi Request type credential in the Authorization header after "Bearer" like:

Bearer <<CREDENTIAL.github_installation_token>>

An example action to get the contents of a repo you can copy and paste onto your storyboard:

{"standardLibVersion":"62","actionRuntimeVersion":"14","agents":[{"disabled":false,"name":"Get repo contents","description":null,"options":"{\"url\":\"https://api.github.com/repos/<<owner>>/<<repo>>/contents\",\"content_type\":\"application_json\",\"method\":\"get\",\"headers\":{\"Authorization\":\"Bearer <<CREDENTIAL.github_installation_token>>\"}}","position":{"x":5715,"y":300},"type":"httpRequest","timeSavedUnit":"minutes","timeSavedValue":0,"monitorAllEvents":false,"monitorFailures":false,"monitorNoEventsEmitted":null,"caseConfiguration":{"subStatus":null},"recordType":null,"recordWriters":[],"form":null,"createdFromTemplateGuid":null,"createdFromTemplateVersion":null,"originStoryIdentifier":"cloud:aa47f8215c6f30a0dcdb2a36a9f4168e:86b7576feeb7d3b547f14441bd59f25c"}],"links":[],"diagramNotes":[]}

For more on creating credentials in Tines, click here.

You can find a selection of GitHub stories in the story library

Did this answer your question?