Correct Authentication Flow?

[0xmovses]

I have registered a github app and would like users to be able to authenticate to the app via Github OAuth. I can't see a clear example of how to do this, doc comments and example seem to say different things.

My env vars are set.

Here is a handler I'm using for testing

async fn octocrab_callback() -> impl IntoResponse {
    let app_id = read_env_var("GH_APP_ID").parse::<u64>().unwrap().into();
    let app_private_key = env::var("GH_SECRET_PEM").expect("GH_SECRET_PEM must be set");
    let key = jsonwebtoken::EncodingKey::from_rsa_pem(app_private_key.as_bytes()).unwrap();

    let octocrab = match Octocrab::builder().app(app_id, key).build() {
        Ok(octocrab) => octocrab,
        Err(e) => panic!("Error building octocrab: {}", e),
    };

    let user_repos = octocrab
        .current()
        .list_repos_for_authenticated_user()
        .type_("owner")
        .sort("updated")
        .per_page(100)
        .send()
        .await
        .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR);

    println!("user repos: {:?}", user_repos);
    let success = "Successfully authenticated with GitHub App";
    Json(success)
}

If I remove the list_repos_for_authenticated_user() call, I get a 200. Currently the .map_err() closure is being executed with a 500 error.

This is the flow I am trying to do: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app

Github is successfully calling the callback URL which calls that handler function I've provided. Should I be using different octocrab builder args?

[aarchangel64]

For anybody struggling with this, take a look at the installation method on Octocrab.

For example:

    let octocrab = Octocrab::builder().app(app_id, key).build()?;
    let installations = octocrab
        .apps()
        .installations()
        .send()
        .await
        .unwrap()
        .take_items();

    let install = installations
        .iter()
        .find(|&i| i.account.login == "your-user-or-org")
        .unwrap();
    
    octocrab.installation(install.id);

    // Use `octocrab` as normal to make an API request ...