go-github icon indicating copy to clipboard operation
go-github copied to clipboard
verified publisher icon google

Unable to Parse Private Key

Open coleglencairn opened this issue 1 year ago • 8 comments

Hi, I am trying to use the ghinstallation ghinstallation.New() method, as referenced in the docs, to create a transport for use in my github client, but I am having trouble with my RSA key being parsed. When I used ghinstallation.NewKeyFromFile() everything worked fine, but swapping to New() and feeding in a string of the key as a byte gives me the following error: could not parse private key: Invalid Key: Key must be PEM encoded PKCS1 or PKCS8 private key. I am confused by this because in their transport_test.go they are doing it the exact same way and I have to assume the tests are passing. I tried using go-githubauth as well, but ran into the same issue so it seems like the problem may exist somewhere in here for reading the key value in this way. Am I missing something?

  • key declaration: https://github.com/bradleyfalzon/ghinstallation/blob/d680810648e94347929da00376d1e7067f3572dd/transport_test.go#L27-L53
  • using key in New(): https://github.com/bradleyfalzon/ghinstallation/blob/d680810648e94347929da00376d1e7067f3572dd/transport_test.go#L167

My code is like this:

var key = `-----BEGIN RSA PRIVATE KEY-----
KEY GOES HERE
-----END RSA PRIVATE KEY-----`

itr, err := ghinstallation.New(
		http.DefaultTransport,
		99,
		123,
		[]byte(key),
)
if err != nil {
log.Fatal("github authentication error: ", err)
}
githubClient := github.NewClient(&http.Client{Transport: itr})

coleglencairn avatar Aug 07 '24 20:08 coleglencairn

@bradleyfalzon - can you please comment?

gmlewis avatar Aug 07 '24 20:08 gmlewis

Is there a native way to handle the auth without either of the other packages? I just need something to get me by for now and I would rather not have to read from a file for this value if I can help it.

coleglencairn avatar Aug 13 '24 18:08 coleglencairn

Did you take a look at this basic auth example? https://github.com/google/go-github/blob/master/example/basicauth/main.go

gmlewis avatar Aug 13 '24 18:08 gmlewis

Did you take a look at this basic auth example? https://github.com/google/go-github/blob/master/example/basicauth/main.go

Does that work for GitHub app auth?

coleglencairn avatar Aug 13 '24 18:08 coleglencairn

Sorry, I don't know. We'll need someone who has worked with GitHub app auth to respond.

gmlewis avatar Aug 13 '24 18:08 gmlewis

Both implementations seem to call jwt.ParseRSAPrivateKeyFromPEM -> pem.Decode. Maybe the content of key []byte is just wrong.

refs: https://github.com/jferrl/go-githubauth/blob/main/auth.go#L61 https://github.com/bradleyfalzon/ghinstallation/blob/d680810648e94347929da00376d1e7067f3572dd/appsTransport.go#L48 https://github.com/golang-jwt/jwt/blob/main/rsa_utils.go#L11

air-hand avatar Aug 28 '24 12:08 air-hand

Decode

I can take a look in https://github.com/jferrl/go-githubauth just to try to fix it.

jferrl avatar Sep 07 '24 09:09 jferrl

Im trying to reproduce the issue with go-githubauth

package main

import (
	"fmt"

	"github.com/jferrl/go-githubauth"
)

const key = `-----BEGIN RSA PRIVATE KEY-----
KEY GOES HERE
-----END RSA PRIVATE KEY-----`

func main() {
	_, err := githubauth.NewApplicationTokenSource(123456, []byte(key))
	if err != nil {
		fmt.Println("Error creating application token source:", err)
		return
	}
}

and seems to be ok. @coleglencairn

jferrl avatar Sep 07 '24 09:09 jferrl

Closing due to inactivity.

gmlewis avatar Mar 17 '25 23:03 gmlewis