Different etag
is returned for same response when sent with different installation access tokens from the same app
#75228
-
Select Topic AreaQuestion BodyI'm not sure if this is a bug or by design. I would expect the value for the Here is a minimal test case: https://runkit.com/gr2m/etag-changes-for-same-github-app-but-different-installation-access-token/1.0.0 code & outputCode const { App, Octokit } = require("octokit")
main();
async function main() {
const app = new App({
appId: process.env.GITHUB_APP_ID,
privateKey: process.env.GITHUB_APP_PRIVATE_KEY.replace(/\\n/g, "\n"),
});
const { data: appInfo } = await app.octokit.request("GET /app");
console.log(`Authenticated as ${appInfo.html_url}`);
const [firstInstallation] = await app.octokit.paginate(
"GET /app/installations"
);
console.log(
`Installation ID #${firstInstallation.id} for ${firstInstallation.account.login}`
);
const installationAuth1 = await app.octokit.auth({
type: "installation",
installationId: firstInstallation.id,
refresh: true,
});
const installationAuth2 = await app.octokit.auth({
type: "installation",
installationId: firstInstallation.id,
refresh: true,
});
// verify that tokens are different
console.log(
`Tokens are different: ${
installationAuth1.token !== installationAuth2.token
}`
);
// get etag for the same endpoint twice using the same token
const octokit1 = new Octokit({
auth: installationAuth1.token,
});
await check(1, firstInstallation.id, octokit1, installationAuth1.token);
await check(2, firstInstallation.id, octokit1, installationAuth1.token);
// ... and then again for the other token
const octokit2 = new Octokit({
auth: installationAuth2.token,
});
await check(3, firstInstallation.id, octokit2, installationAuth2.token);
await check(4, firstInstallation.id, octokit2, installationAuth2.token);
}
async function check(number, id, octokit, token) {
const {
headers: { etag: etag1 },
} = await octokit.request("GET /orgs/{org}/repos", {
org: "community",
});
console.log(
`Check ${number}: installtion #${id} got etag ${etag1} for token ending in ${token.slice(
-5
)}`
);
} Output
This code is sending a request to the I see the same behavior when sending a request with different personal access tokens for the same user. But personal access tokens may be long lived, while installation access tokens expire after only 1h. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 4 replies
-
const { App, Octokit } = require("octokit"); main(); async function main() { const { data: appInfo } = await app.octokit.request("GET /app"); const [firstInstallation] = await app.octokit.paginate( // Cache the installation access token // Use the cached token for subsequent requests // Perform your checks with the same token async function check(number, id, octokit, token) { console.log( |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
I confirmed that |
Beta Was this translation helpful? Give feedback.
-
Thanks @gr2m . I just spent a couple of hours being very confused, thought this was the case, and you've confirmed it. :) Do you have any idea how https://docs.github.com/en/rest/using-the-rest-api/best-practices-for-using-the-rest-api?apiVersion=2022-11-28 gets updated for this? Would be a very useful addition. |
Beta Was this translation helpful? Give feedback.
I confirmed that
etag
hashes depend on the access tokens that are used. If a token changes, so does theetag
. No way around it 😭