My requirement is that I have written a lambda function in AWS for automatically creating a repository in GitHub using the GitHub API and PAT Token authentication.
```python
import json

import requests


# org_name, secret and secretKey are defined elsewhere in the Lambda function
def create_automatic_repo(repo_name):
    query_url = f"https://api.github.com/api/v3/orgs/{org_name}/repos"
    params = {
        "name": repo_name
    }
    headers = {
        'Authorization': f'token {secret[secretKey]}',
    }
    response = requests.post(query_url, headers=headers, data=json.dumps(params))
    print("creating new repository response ", response)
    print("creating new repository response content ", response.content)
```
We successfully created a repo using the GitHub API with PAT Token. Now we need to change authentication from PAT Token to the GitHub Apps.
I am trying to authenticate GitHub Apps using `AppId` and `PrivateKey`. I have generated the `jwt` token with the `jwt` token. I am trying to hit "https://api.github.com/app/installations/installation_id/access_tokens" this GitHub API for getting `access_token`. I am getting a 200 response but it is redirecting to the SAML authentication page.
```
$ curl -i \
  -H "Authorization: token YOUR_INSTALLATION_ACCESS_TOKEN" \
  -H "Accept: application/vnd.github+json" \
  https://api.github.com/api/v3/orgs/{org_name}/repos
```
This is the curl command I have found in the official document. If I have `access_token`, I can use the GitHub API for creating a repo through a lambda function in AWS.
I am attaching the flow which I have followed for authentication for GitHub Apps. Here I am attaching the official document which I have followed: https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps
- Created GitHub Apps by giving homepage `url` as GitHub Organization url
- Installed GitHub App under the organization level
- Wrote python code for generating jwt token
Here I am attaching the Python code for generating the JWT token and triggering the GitHub API for `installation_Id`. I am getting 200 responses but it is redirecting to the SAML authentication page.
```python
import json
import os
import time

import jwt
import requests
from cryptography.hazmat.primitives.serialization import load_pem_private_key

# Read the GitHub App's PEM private key from disk
cert_bytes = open(r'first.txt', "r").read().encode()
# Debug output: this prints the private key material
print("printing cert_bytes ", cert_bytes)
private_key = load_pem_private_key(cert_bytes, password=None)

time_since_epoch_in_seconds = int(time.time())
payload = {
    # issued at time, 60 seconds in the past to allow for clock drift
    "iat": time_since_epoch_in_seconds - 60,
    # JWT expiration time (10 minute maximum)
    "exp": time_since_epoch_in_seconds + (10 * 60),
    # GitHub App's identifier
    "iss": 231726,
}
encoded_payload = jwt.encode(payload, private_key, algorithm="RS256")
print("printing encoded_payload ", encoded_payload)

headers = {
    'Authorization': f'Bearer {encoded_payload}'
}
resp = requests.get("https://api.github.com/app/installations/installation_id/access_tokens", headers=headers)
print('Code: ', resp.status_code)
print('Content: ', resp.content)
```
This is the image of the SAML authentication page I am being redirected to:
I read the GitHub official documentation, and they mentioned that we needed to activate a SAML session to authenticate GitHub Apps: https://docs.github.com/en/enterprise-cloud@latest/authentication/authenticating-with-saml-single-sign-on/about-authentication-with-saml-single-sign-on#about-oauth-apps-github-apps-and-saml-sso
But I didn't see the option to enable SSO SAML authentication as mentioned in the document: https://docs.github.com/en/enterprise-cloud@latest/organizations/managing-saml-single-sign-on-for-your-organization/enabling-and-testing-saml-single-sign-on-for-your-organization#enabling-and-testing-saml-single-sign-on-for-your-organization
This is the image where I did not find the option for enabling the SAML authentication:
Can you please help us with enabling SAML authentication for accessing the GitHub Apps authentication process without PAT Token, or is there any other way for GitHub authentication from a lambda function in AWS using GitHub APIs apart from PAT Token?
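The token exchange discussed in this question, as an added example that is not part of the original post: GitHub documents the installation access token endpoint as a POST authenticated with the app JWT, answering 201 with a JSON body, so the code builds that request with a numeric installation id, rejects any reply that is not 201 JSON (such as a 200 carrying an HTML sign-in page), and then builds the repository-creation call. The function names, `API_BASE`, and the sample id, token, organization and repository values are assumptions constructed for illustration; the JWT is taken to be the one produced by the code in the post.

```python
import json
import urllib.request

# Assumption: github.com. GitHub Enterprise Server uses https://HOSTNAME/api/v3 instead.
API_BASE = "https://api.github.com"


def installation_token_request(app_jwt, installation_id, api_base=API_BASE):
    """Build the POST that exchanges the app JWT for an installation access token."""
    # int() rejects a placeholder such as the literal string "installation_id"
    url = f"{api_base}/app/installations/{int(installation_id)}/access_tokens"
    headers = {"Authorization": f"Bearer {app_jwt}",
               "Accept": "application/vnd.github+json"}
    return urllib.request.Request(url, headers=headers, method="POST")


def parse_installation_token(status, content_type, body):
    """Return the token, or raise if the reply is not the expected 201 JSON document."""
    if status != 201 or "json" not in content_type.lower():
        # A 200 carrying HTML (for example a sign-in page) is not a token response.
        raise RuntimeError(f"unexpected reply: HTTP {status}, {content_type}")
    token = json.loads(body).get("token")
    if not token:
        raise RuntimeError("response JSON has no 'token' field")
    return token


def create_repo_request(token, org, repo_name, api_base=API_BASE):
    """Build the POST that creates a repository in the organization."""
    url = f"{api_base}/orgs/{org}/repos"
    headers = {"Authorization": f"token {token}",
               "Accept": "application/vnd.github+json",
               "Content-Type": "application/json"}
    body = json.dumps({"name": repo_name}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def send(req):
    """Send a request and return (status, content type, body bytes)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.headers.get("Content-Type", ""), resp.read()


if __name__ == "__main__":
    demo = installation_token_request("constructed.jwt.value", 12345)  # constructed sample values
    print(demo.get_method(), demo.full_url)
```

In a Lambda handler the pieces chain as `parse_installation_token(*send(installation_token_request(jwt_value, installation_id)))`, with the result passed to `create_repo_request`.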