Utility to generate tokens to interact with GitHub API via GitHub App integration

Overview

GitHub App Authentication for integration with GitHub

Introduction

GitHub Apps are the officially recommended way to integrate with GitHub because of their support for granular permissions to access data. For more information see About Apps

The github-app-auth application is specifically designed to enable integration of third-party CI/CD systems with GitHub by generating a token that can be used to interact with the GitHub API available to GitHub Apps. A list of endpoints available to GitHub Apps is documented here

Examples

Retrieving a list of repositories with the GH CLI

The GitHub CLI allows for convenient access to GitHub from the command line. We can retrieve a list of repositories the GitHub App has permission to access by invoking it with the GITHUB_TOKEN environment variable set to the installation token generated by github-app-auth.

GITHUB_TOKEN=$(github-app-auth <app-id> <private-key>) gh repo list
  • <app-id> is the GitHub App ID
  • <private-key> is the path to the GitHub App PEM encoded private key

Uploading a SARIF file

The GitHub documentation for using CodeQL in a CI system provides the following example for uploading results.

echo "$UPLOAD_TOKEN" | codeql github upload-results --repository=<repository-name> \
      --ref=<ref> --commit=<commit> --sarif=<file> \
      --github-auth-stdin

The $UPLOAD_TOKEN must be a token with the security_events scope as described in the CodeQL manual here.

With github-app-auth application that relies on a GitHub App to generate a token the example becomes.

github-app-auth <app-id> <private-key> | codeql github upload-results --repository=<repository-name> \
      --ref=<ref> --commit=<commit> --sarif=<file> \
      --github-auth-stdin
  • <app-id> is the GitHub App ID
  • <private-key> is the path to the GitHub App PEM encoded private key
Releases(v1.1.0)
Owner
GitHub Advanced Security
Workshops and demo's
GitHub Advanced Security
Generate and verify JWT tokens with Trusted Platform Module (TPM)

golang-jwt for Trusted Platform Module (TPM) This is just an extension for go-jwt i wrote over thanksgiving that allows creating and verifying JWT tok

null 2 Mar 2, 2022
Generate and verify JWT tokens with PKCS-11

golang-jwt for PKCS11 Another extension for go-jwt that allows creating and verifying JWT tokens where the private key is embedded inside Hardware lik

null 0 Dec 6, 2021
Generate a generic library of 2FA tokens compatible with Google Authenticator

towfa Generate a generic library of 2FA tokens compatible with Google Authenticator go get -u github.com/golandscape/twofa $twofa "you secret" result:

golandscape 13 Mar 23, 2022
Minting OIDC tokens from GitHub Actions for use with OpenFaaS

minty Experiment for minting OIDC tokens from GitHub Actions for use with OpenFaaS Why would you want this? Enable third-parties to deploy to your ope

Alex Ellis 9 Oct 31, 2021
:key: Secure alternative to JWT. Authenticated Encrypted API Tokens for Go.

branca branca is a secure alternative to JWT, This implementation is written in pure Go (no cgo dependencies) and implements the branca token specific

Wesley Hill 165 Jun 21, 2022
Authenticated encrypted API tokens (IETF XChaCha20-Poly1305 AEAD) for Golang

branca.go is branca token specification implementation for Golang 1.15+.

ESSENTIAL KAOS 38 Jun 27, 2022
Authenticated and encrypted API tokens using modern crypto

Branca Token Authenticated and encrypted API tokens using modern crypto. What? Branca is a secure, easy to use token format which makes it hard to sho

Mika Tuupola 185 May 22, 2022
A Sample Integration of Google and GitHub OAuth2 in Golang (GoFiber) utilising MongoDB

Go Oauth Server This is sample OAuth integration written in GoLang that also uses MongoDB. This is a sample TODO Application where people can Create a

Hemanth Krishna 8 Apr 25, 2022
Safe, simple and fast JSON Web Tokens for Go

jwt JSON Web Token for Go RFC 7519, also see jwt.io for more. The latest version is v3. Rationale There are many JWT libraries, but many of them are h

cristaltech 552 Jul 2, 2022
Golang implementation of JSON Web Tokens (JWT)

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

Dave Grijalva 10.4k Jul 4, 2022
Platform-Agnostic Security Tokens implementation in GO (Golang)

Golang implementation of PASETO: Platform-Agnostic Security Tokens This is a 100% compatible pure Go (Golang) implementation of PASETO tokens. PASETO

Oleg Lobanov 608 Jun 26, 2022
Herbert Fischer 197 Jun 10, 2022
A go implementation of JSON Web Tokens

jwt-go A go (or 'golang' for search engine friendliness) implementation of JSON Web Tokens NEW VERSION COMING: There have been a lot of improvements s

null 2.8k Jun 29, 2022
an stateless OpenID Connect authorization server that mints ID Tokens from Webauthn challenges

Webauthn-oidc Webauthn-oidc is a very minimal OIDC authorization server that only supports webauthn for authentication. This can be used to bootstrap

Arian van Putten 13 May 16, 2022
Golang jwt tokens without any external dependency

Yet another jwt lib This is a simple lib made for small footprint and easy usage It allows creating, signing, reading and verifying jwt tokens easily

Karpel├Ęs Lab Inc. 1 Oct 11, 2021
A simple and lightweight library for creating, formatting, manipulating, signing, and validating JSON Web Tokens in Go.

GoJWT - JSON Web Tokens in Go GoJWT is a simple and lightweight library for creating, formatting, manipulating, signing and validating Json Web Tokens

Toby 5 Feb 7, 2022
Microservice generates pair of access and refresh JSON web tokens signed by user identifier.

go-jwt-issuer Microservice generates pair access and refresh JSON web tokens signed by user identifier. ?? Deployed on Heroku Run tests: export SECRET

Oleksii Velychko 27 Apr 14, 2022
Go module with token package to request Azure Resource Manager and Azure Graph tokens.

azAUTH Go module with token package to request Azure Resource Manager and Azure Graph tokens. prerequisites Install azure cli: https://docs.microsoft.

Bart 1 Dec 1, 2021
OauthMicroservice-cassandraCluster - Implement microservice of oauth using golang and cassandra to store user tokens

implement microservice of oauth using golang and cassandra to store user tokens

Mehdi 1 Jan 24, 2022