🚀[Feature]: Add functionality to autorefresh managed IATs when expired #196

Open
MariusStorhaug opened this issue Dec 10, 2024 · 1 comment
Labels
feature New feature

Comments

MariusStorhaug commented Dec 10, 2024

Description

When running the GitHub module as a GitHub App via automation:
In a function app for automation, we want to be able to have context retained and ready when a function is called towards a target.

When the IAT is detected and we have the context for the app, refresh the IAT.

Scenario:

  • Automation is running in the context of a GitHub App (no IATs currently defined).
  • Automation needs to run Delete-GitHubTeam -Name 'someTeam' -Organization 'someOrg'.
    • Delete-GitHubTeam requires an IAT, UAT or PAT, and the Team permission
  • Module gets the context matching the request:
    • Type = IAT
    • Permissions contains 'Teams'
    • TargetType = 'organization'
    • Target = 'someOrg'
  • If the IAT is found:
    • Module checks that the time now is greater than my TokenExpirationDate (subtract a var offset that can be stored in config)
    • Check if parent is available:
      • Type = 'App'
      • ClientID = $me.ClientID
  • Recreate context for the IAT (or just refresh the token)
@MariusStorhaug
Member Author

Should the 'parent' be stored in the context of the managed IAT, or should the function assume a naming convention?
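
The scenario in this issue, sketched as an added example; it is not code from the GitHub module or from the issue author. The context property names follow the issue's list, while `Get-UsableIAT`, the `-Refresh` callback, the 5-minute default offset, and keeping the parent's `ClientID` on the IAT context (one of the two options raised in the comment above) are assumptions.

```powershell
# Assumed names throughout: Get-UsableIAT, -Refresh and the context shape are illustrative only.
function Get-UsableIAT {
    param(
        [Parameter(Mandatory)] [object[]] $Contexts,
        [Parameter(Mandatory)] [string] $Permission,
        [Parameter(Mandatory)] [string] $TargetType,
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [scriptblock] $Refresh,     # hypothetical: mints a new IAT from the App context
        [timespan] $Offset = [timespan]::FromMinutes(5),   # assumed default; the issue stores this in config
        [datetime] $Now = [datetime]::UtcNow
    )
    # 1. Find the managed IAT whose type, permission and target match the request.
    $iat = $Contexts | Where-Object {
        $_.Type -eq 'IAT' -and $_.TargetType -eq $TargetType -and
        $_.Target -eq $Target -and $_.Permissions -contains $Permission
    } | Select-Object -First 1
    if (-not $iat) { throw "No IAT context for $TargetType '$Target' with permission '$Permission'." }

    # 2. Still valid outside the refresh margin: use it unchanged.
    if ($Now -le ($iat.TokenExpirationDate - $Offset)) { return $iat }

    # 3. Expired or inside the margin: the parent App context must be loaded, matched on ClientID.
    $parent = $Contexts | Where-Object { $_.Type -eq 'App' -and $_.ClientID -eq $iat.ClientID } |
        Select-Object -First 1
    if (-not $parent) { throw "IAT for '$Target' has expired and no parent App context is available." }

    # 4. Refresh in place; the stale token is never returned as a fallback.
    $new = & $Refresh $parent $iat
    $iat.Token = $new.Token
    $iat.TokenExpirationDate = $new.TokenExpirationDate
    return $iat
}

# Constructed sample contexts (placeholders, no real credentials).
$t0 = [datetime]::new(2024, 12, 10, 12, 0, 0, [DateTimeKind]::Utc)
$contexts = @(
    [pscustomobject]@{ Type = 'App'; ClientID = 'Iv1.EXAMPLE' }
    [pscustomobject]@{ Type = 'IAT'; ClientID = 'Iv1.EXAMPLE'; TargetType = 'organization'; Target = 'someOrg'
        Permissions = @('Teams'); Token = 'stale-placeholder'; TokenExpirationDate = $t0.AddMinutes(2) }
)
# Stand-in for the real token exchange; GitHub installation tokens are valid for one hour.
$refresh = { param($App, $Iat) @{ Token = 'fresh-placeholder'; TokenExpirationDate = $t0.AddHours(1) } }

$ctx = Get-UsableIAT -Contexts $contexts -Permission 'Teams' -TargetType 'organization' -Target 'someOrg' -Refresh $refresh -Now $t0
'{0} token valid until {1:u}' -f $ctx.Target, $ctx.TokenExpirationDate
```

Throwing when the parent App context is missing keeps the caller from sending an expired token, and the output line prints only the target and expiry, never the token value.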

Projects
Status: Todo