GitHub relaxing the requirement of the construction of the GitHub App's JWT (under private_key_jwt) is interesting, especially if now you don't need to know the installation ID to auth.

Presumably this also means that on GitHub's side they're still limiting access to repos that an installation has access to, but I'd have assumed that by doing it by installation ID you'd get additional checks

(I'd been lazy in the past and would rarely persist the installation ID, needing me to then go in and find it through the GitHub UI πŸ˜…)

Also on:

This post was filed under notes.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.