Improve error message when `appId` is set to an incorrect value
Follow-up to https://github.com/octokit/request.js/issues/505#issuecomment-1213055795
I wonder if we can throw a better error message to help users who ran into the same problem as you did.
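The underlying library is @octokit/auth-app. My test code looks like this:

```js
import { createAppAuth } from "@octokit/auth-app";

// appId, privateKey and installationId are defined elsewhere
const auth = createAppAuth({
  appId,
  privateKey,
});

auth({
  type: "installation",
  installationId,
}).then(console.log, console.log);
```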
When `privateKey` is valid, but `appId` is not the current ID, then I retrieve the "A JSON web token could not be decoded" error that @nasirmajid reported in the linked issue above, which is verbatim the message we get from GitHub's REST API.

@timrogers I tested the JWT that is sent to GitHub and it's not correct that the JWT cannot be decoded; the JWT is valid. However, the `iss` value won't match the signature, as it's an incorrect app ID.

We could catch this case in the library and provide a more helpful error message, e.g. at least include the APP ID. But it would be even better if the error message from GitHub's REST API would be improved to include the `iss` aka app ID when it can be retrieved from the passed JWT.
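One way the library-side check suggested above could look, as an added example that is not part of the thread or of @octokit/auth-app: decode the JWT payload locally and name the `iss` that was sent. The function names `decodeJwtClaims` and `describeAppAuthError` are hypothetical, and the sample token is constructed with a placeholder signature.

```javascript
// Hypothetical helpers; not part of @octokit/auth-app.
const GITHUB_MESSAGE = "A JSON web token could not be decoded";

// Decode header and payload WITHOUT verifying the signature.
// For diagnostics only: never use unverified claims for authorization.
function decodeJwtClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const [header, payload] = parts
      .slice(0, 2)
      .map((part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8")));
    return { header, payload };
  } catch {
    return null; // segments are not base64url-encoded JSON
  }
}

// Enrich GitHub's generic message with the app ID found in the token.
// Other errors pass through unchanged.
function describeAppAuthError(error, jwt) {
  if (!String(error.message).includes(GITHUB_MESSAGE)) return error.message;
  const claims = decodeJwtClaims(jwt);
  if (!claims) return `${error.message} (the token is not a well-formed JWT)`;
  return (
    `${error.message}. The token decodes locally with iss (app ID) ` +
    `${claims.payload.iss}; check that this app ID belongs to the private key ` +
    `that signed the token.`
  );
}

// Constructed sample: same claim layout as an app JWT, placeholder signature.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const sampleJwt = [
  b64url({ alg: "RS256", typ: "JWT" }),
  b64url({ iat: 1660000000, exp: 1660000600, iss: 100001 }),
  "constructed-signature-placeholder",
].join(".");

console.log(describeAppAuthError(new Error(GITHUB_MESSAGE), sampleJwt));
```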
@gr2m Thanks for submitting the issue! I'm happy to look on the GitHub side. Would you be able to provide example values of appId and privateKey that generate the result you're seeing?
There you go

```js
import { createAppAuth } from "@octokit/auth-app";

const auth = createAppAuth({
  // dummy credentials
  appId: 100001,
  privateKey: `-----BEGIN RSA PRIVATE KEY-----
MIIBOgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END RSA PRIVATE KEY-----`,
});

// Retrieve JSON Web Token (JWT) to authenticate as app
auth({
  type: "installation",
  installationId: 1,
}).then(console.log, console.log);
// logs "RequestError [HttpError]: A JSON web token could not be decoded" error
```
"A JSON web token could not be decoded"
Man, it took me hours to dig into my used JWT generators. And then it turned out that it was incorrect just because the appid didn't match!