pub trait AuthenticationProvider: Send + Sync {
// Required methods
fn app_token<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<JsonWebToken, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn refresh_installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn list_installations<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<Installation>, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
fn get_installation_repositories<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<Vec<Repository>, AuthError>> + Send + 'async_trait>>
where Self: 'async_trait,
'life0: 'async_trait;
}Expand description
Main interface for GitHub App authentication operations.
Provides two authentication levels:
- App-level: JWT tokens for operations as the GitHub App (discovering installations, managing app)
- Installation-level: Installation tokens for operations within a specific installation context
See docs/spec/architecture/app-level-authentication.md for detailed usage patterns.
Required Methods§
Sourcefn app_token<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<JsonWebToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn app_token<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<JsonWebToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Get JWT token for app-level GitHub API operations.
Use this for operations that require authentication as the GitHub App itself, such as:
- Listing installations (
GET /app/installations) - Getting app information (
GET /app) - Managing installations (
GET /app/installations/{installation_id})
This method handles caching and automatic refresh of JWTs.
§Examples
// Get JWT for app-level operations
let jwt = auth.app_token().await?;
// Use jwt.token() in Authorization: Bearer headerSourcefn installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Get installation token for installation-level API operations.
Use this for operations within a specific installation context, such as:
- Repository operations (reading files, creating issues/PRs)
- Organization operations (team management, webhooks)
- Any operation scoped to the installation’s permissions
This method handles caching and automatic refresh of installation tokens.
§Arguments
installation_id- The installation to get a token for
§Examples
let installation_id = InstallationId::new(123456);
let token = auth.installation_token(installation_id).await?;
// Use token.token() in Authorization: Bearer headerSourcefn refresh_installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn refresh_installation_token<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<InstallationToken, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Refresh installation token (force new token generation).
Bypasses cache and requests a new installation token from GitHub. Use sparingly as it counts against rate limits.
Sourcefn list_installations<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<Installation>, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn list_installations<'life0, 'async_trait>(
&'life0 self,
) -> Pin<Box<dyn Future<Output = Result<Vec<Installation>, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
List all installations for this GitHub App.
Requires app-level authentication. This is a convenience method that combines app_token() with the list installations API call.
Sourcefn get_installation_repositories<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<Vec<Repository>, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
fn get_installation_repositories<'life0, 'async_trait>(
&'life0 self,
installation_id: InstallationId,
) -> Pin<Box<dyn Future<Output = Result<Vec<Repository>, AuthError>> + Send + 'async_trait>>where
Self: 'async_trait,
'life0: 'async_trait,
Get repositories accessible by installation.
Requires installation-level authentication. This is a convenience method that combines installation_token() with the list repositories API call.