Incorrect target url about auth-app.js HOT 5 CLOSED

Thank you for reporting the issue, I'll look into it!

I am also not user the accept header is correct. I am under the impression that is intended to be the GitHub App name.

You mean the accept: 'application/vnd.github.machine-man-preview+json' header? That is currently required to be set for the POST/app/installations/access_tokens endpoint. This is most likely a problem with https://github.com/octokit/auth-app.js/

from auth-app.js.

Ah that makes sense. Yes, I think @octokit/auth-app is the better place to discuss this. I'll move the issue over there.

A GitHub App has two means of authentication

1. As the app itself. Only a few endpoints accept this form of authentication. It is mostly used to create installation access tokens and to iterate through installations. The endpoints requiring authenticating as app are listed here: https://developer.github.com/v3/apps/
2. As an installation. When you install an app on your GitHub user account or a GitHub organization, the GitHub app will be able to generation installation access tokens with the permissions requested by the app. They are similar to the OAuth/Personal access tokens. In order to create such an installation access token, you need to know the installation ID.

Often times you need an installation ID when you act upon a webhook request retrieved by GitHub. These webhook payloads include the installation ID in its payload.

If you want to manually find out the installation ID, open the APPs page and then installation configuration page. For example, install https://github.com/apps/wip/ on your account. The URL of that settings page will look like this: https://github.com/settings/installations/12345. 12345 is the installation ID. I assume it's the same with GitHub Enterprise Server.

You are not the first who is confused by this, I'm very open to suggestions on how to improve the library (e.g. better error messages) and/or how to improve the documentation.

I was looking into automatically setting setting the correct authentication type automatically, by deriving the correct strategy form the API endpoint. E.g. octokit.repos.getContents sends a request to GET /repos/:owner/:repo/contents/:path. Based on that, I know the correct authentication strategy is an installation token, and I can derive that from :owner. Unfortunately not all endpoints use the owner prefix yet, so this would work for some methods, but not all, probably causing even more confusion. So I'm holding off until GitHub added new endpoints replacing the old ones such as "Update a project", which currently is PATCH /projects/:project_id, but it really should be PATCH /repos/:owner/:repo/projects/:project_id.

Sorry, that was probably more information than you asked for :) I hope I could convey the difference between app & installation authentication and why it's ... complicated

from auth-app.js.

closing due to inactivity. As a reminder, you need to set installationId on auth: { appId, privateKey, installationId } in order to utilize repository APIs

from auth-app.js.

Where does Octokit come from in your code example? The octokit.repos.getContents method implies you load rest endpoint methods, but you seem to only load the admin methods via enterpriseServer219Admin?

Is Octokit imported from @octokit/rest or @octokit/core? What version? Can you run npm ls | grep octokit and paste the output here?

from auth-app.js.

Rest. I updated the example.

The issue was that I was missing the installationId in the Auth Object. However, I could not find any docs about what this is or how to obtain installationId. I used the App ID for this field and that seems to work. Would a ticket on @octokit/auth-app better suit the situation?

from auth-app.js.