Expand description
JWT generation for GitHub App authentication.
After app creation we have the App ID + private key (PEM). For any API call that operates on the App’s identity (e.g. listing installations, issuing installation access tokens), we sign a short-lived JWT with the private key as RS256. GitHub then trades that JWT for an installation access token scoped to a specific installation.
Functions§
- sign_
app_ jwt - Sign a JWT for the given app id + PEM private key. Lives 9 minutes (GitHub’s max is 10; subtract 1 for clock skew).