ghclient.AppsService requires JWT authentication

[botchniaque]

Almost all operations in githubClient require installation access token, except calls made by AppsService which require JWT.

Following the instructions in the readme makes it impossible to get the AppsService calls work. I work around the issue by creating a separate client for apps calls using the AppsTransport, and using the other installation Transport to make all other calls.

It would be great if one could create single client using the correct auth method depending on the call.

My workaround:

const gheBaseUrl = "https://my-ghe-installation-url/api/v3"

tr := http.DefaultTransport
appId := 99
installationId := 99

jwtTransport, _ := ghinstallation.NewAppsTransportKeyFromFile(tr, appId, "path/to/key.pem")
installationTokenTransport := ghinstallation.NewFromAppsTransport(jwtTransport, installationId)

installationTokenTransport.BaseURL = gheBaseUrl
jwtTransport.BaseURL = gheBaseUrl

ghClient, _ := github.NewEnterpriseClient(gheBaseUrl, fmt.Sprintf("%s/upload", gheBaseUrl), &http.Client{Transport: installationTokenTransport})
appsGhClient, _ := github.NewEnterpriseClient(gheBaseUrl, fmt.Sprintf("%s/upload", gheBaseUrl),&http.Client{Transport: jwtTransport})

// this client can authenticate all calls except `Apps.Get()`
ghClient.Apps = appsGhClient.Apps

[wlynch]

I'm not sure this is something that should be handled in ghinstallation - this library itself isn't actually aware of the API calls being made beyond the get installation token method. What's nice about this is that ghinstallation doesn't need to be updated for any new API calls.

I'm also not sure if there are endpoints that can be authenticated with both a JWT or installation token, which could make knowing the auth method to use ambiguous in certain cases based on URL path alone.

It probably makes more sense to make this type of decision in the client (e.g. go-github) where we know for certain what token we need to use.