[BUG]: Handle 403 responses same as 401 responses in the first 3 seconds after an installation access token was created

[gr2m]

What happened?

This is a follow up to

• #65

Related to this code

https://github.com/octokit/auth-app.js/blob/d3d913372515d33517af1afcf43eee195454b903/src/hook.ts#L108-L152

I learned today that we also have to handle 403 response, the reason is as follows

401 - We can't find your token yet. 403 - We found your scoped installation token with limited permissions, but the permissions they write aren't replicated yet.

We also heard from a partner that they 5s timeout might not be sufficient, but that is something we could address in a follow up. Instead of the hardcoded 5s timeout, we could provide a callback for users to provide more sophisticated retries.

Versions

Latest Node, latest octokit

Relevant log output

No response

Code of Conduct

• [x] I agree to follow this project's Code of Conduct

[github-actions[bot]]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀