Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

404 when attempting to get a token for an organisation scoped app installation #76

Closed
ctcampbell opened this issue Nov 6, 2023 · 3 comments

Comments

@ctcampbell
Copy link

I have an app installation set up on an organisation, having followed the docs on this repo. It appears the lookup is being done against the /users/... endpoint which doesn't seem correct for an organisation?

Run actions/create-github-app-token@v1
  with:
    app-id: ***
    private-key: ***
    owner: pre-quantum-research
repositories not set, creating token for all repositories for given owner "pre-quantum-research"
RequestError [HttpError]: Not Found
    at /home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:2890:25
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async main (/home/runner/work/_actions/actions/create-github-app-token/v1/dist/main.cjs:10071:22) {
  status: 404,
  response: {
    url: 'https://api.github.com/users/pre-quantum-research/installation',
    status: 404,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      'content-encoding': 'gzip',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Mon, 06 Nov 2023 16:52:05 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=3[15](https://github.com/pre-quantum-research/pqc-data/actions/runs/6773907521/job/18409828846#step:2:16)36000; includeSubdomains; preload',
      'transfer-encoding': 'chunked',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-api-version-selected': '2022-11-28',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '4820:56A0:49A3574:96BB6B3:6549[19](https://github.com/pre-quantum-research/pqc-data/actions/runs/6773907521/job/18409828846#step:2:21)B5',
      'x-xss-protection': '0'
    },
    data: {
      message: 'Not Found',
      documentation_url: 'https://docs.github.com/rest/apps/apps#get-a-user-installation-for-the-authenticated-app'
    }
  },
  request: {
    method: 'GET',
    url: 'https://api.github.com/users/pre-quantum-research/installation',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'actions/create-github-app-token',
      authorization: 'bearer [REDACTED]'
    }
  }
}
@gr2m
Copy link
Contributor

gr2m commented Nov 6, 2023

It appears the lookup is being done against the /users/... endpoint which doesn't seem correct for an organisation?

We do both. There is no unified REST API endpoint, so we try the org lookup first, and then do the user lookup:

// Otherwise get the installation for the owner, which can either be an organization or a user account
// https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-repository-installation-for-the-authenticated-app
const response = await request("GET /orgs/{org}/installation", {
org: parsedOwner,
headers: {
authorization: `bearer ${appAuthentication.token}`,
},
}).catch((error) => {
/* c8 ignore next */
if (error.status !== 404) throw error;
// https://docs.github.com/rest/apps/apps?apiVersion=2022-11-28#get-a-user-installation-for-the-authenticated-app
return request("GET /users/{username}/installation", {
username: parsedOwner,
headers: {
authorization: `bearer ${appAuthentication.token}`,
},
});

I agree the error we through could be more helpful though. We should make clear that an installation was not found for pre-quantum-research and do not share the details about the final failed request to the /users/{org}/installation endpoint.

In your case, it looks like the app is not installed on @pre-quantum-research. If you register a GitHub app, you still need to install it, even if it's an app private to your organization.

@ctcampbell
Copy link
Author

In your case, it looks like the app is not installed on @pre-quantum-research. If you register a GitHub app, you still need to install it, even if it's an app private to your organization.

You are absolutely correct, silly me 😅

@gr2m
Copy link
Contributor

gr2m commented Nov 6, 2023

No worries, I've been there countless times myself 😁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants