-
-
Notifications
You must be signed in to change notification settings - Fork 11
/
index.js
42 lines (36 loc) · 1.2 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
// @ts-check
// @ts-ignore - #get-token is defined in "imports" in package.json
import { getToken } from "./lib/get-token.js";
/**
* @param {import(".").Options} options
* @returns {Promise<import(".").Result>}
*/
export default async function githubAppJwt({
id,
privateKey,
now = Math.floor(Date.now() / 1000),
}) {
// Private keys are often times configured as environment variables, in which case line breaks are escaped using `\\n`.
// Replace these here for convenience.
const privateKeyWithNewlines = privateKey.replace(/\\n/g, '\n');
// When creating a JSON Web Token, it sets the "issued at time" (iat) to 30s
// in the past as we have seen people running situations where the GitHub API
// claimed the iat would be in future. It turned out the clocks on the
// different machine were not in sync.
const nowWithSafetyMargin = now - 30;
const expiration = nowWithSafetyMargin + 60 * 10; // JWT expiration time (10 minute maximum)
const payload = {
iat: nowWithSafetyMargin, // Issued at time
exp: expiration,
iss: id,
};
const token = await getToken({
privateKey: privateKeyWithNewlines,
payload,
});
return {
appId: id,
expiration,
token,
};
}