Make JWT generation more legible
joecorall committed Jan 7, 2025
1 parent 4688f0b commit 84792ba
Showing 1 changed file with 25 additions and 3 deletions.
28 changes: 25 additions & 3 deletions ci/fetch-app-token.sh
Expand Up @@ -17,15 +17,37 @@ if [[ ! -f "$PRIVATE_KEY_FILE" ]]; then
exit 1
fi

b64url_encode() {
base64 -w 0 | tr -d '=' | tr '/+' '_-' | tr -d '\n'
}

PRIVATE_KEY=$(cat "$PRIVATE_KEY_FILE")

NOW=$(date +%s)
# 5 minutes from now
EXPIRATION=$((NOW + 300))

JWT_HEADER=$(jq -n '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n')
JWT_PAYLOAD=$(jq -n --argjson iat "$NOW" --argjson exp "$EXPIRATION" --arg iss "$APP_ID" '{"iat":$iat,"exp":$exp,"iss":$iss}' | base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n')
JWT_SIGNATURE=$(echo -n "${JWT_HEADER}.${JWT_PAYLOAD}" | openssl dgst -sha256 -sign <(echo "$PRIVATE_KEY") | base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n')

JWT_HEADER=$(jq -n \
'{
"alg":"RS256",
"typ":"JWT"
}' | b64url_encode
)
JWT_PAYLOAD=$(jq -n \
--argjson iat "$NOW" \
--argjson exp "$EXPIRATION" \
--arg iss "$APP_ID" \
'{
"iat": $iat,
"exp": $exp,
"iss": $iss
}' | b64url_encode
)
JWT_SIGNATURE=$(echo -n "${JWT_HEADER}.${JWT_PAYLOAD}" \
| openssl dgst -sha256 -sign <(echo "$PRIVATE_KEY") \
| b64url_encode
)
JWT="${JWT_HEADER}.${JWT_PAYLOAD}.${JWT_SIGNATURE}"

RESPONSE=$(curl -s -X POST "https://api.github.com/app/installations/${INSTALL_ID}/access_tokens" \
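Review bot: The reformatted signing step, `| openssl dgst -sha256 -sign <(echo "$PRIVATE_KEY") \`, still routes the app's private key through a shell variable, so a CI run with xtrace (`set -x`) enabled would print the key to the job log. Since the file's existence is already checked just above, the path can be passed directly, `| openssl dgst -sha256 -sign "$PRIVATE_KEY_FILE" \`, and the `PRIVATE_KEY=$(cat …)` line dropped if nothing outside this hunk reads it. Separately, a failing `jq` or `openssl` inside these `$( … )` pipelines is masked by the trailing `b64url_encode` unless `pipefail` is set, which cannot be seen here because the top of the script is outside the hunk. A guard such as `[[ -n "$JWT_SIGNATURE" ]] || exit 1` before `JWT=` would keep an unsigned token from reaching the API call. In `b64url_encode`, `base64 -w 0` is a GNU coreutils flag and makes the final `tr -d '\n'` redundant, which deserves a comment: `# requires GNU base64 (-w 0 disables line wrapping)`.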