Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 4

Bad Credentials when creating a check run

Solved! Go to Solution.

I've been trying to test out the new GitHub check runs API and ran into a wall. I am able to create a JWT token successfully and use it on the Authenticated App API (https://developer.github.com/v3/apps/#get-the-authenticated-github-app) to get a successful response. When I try to call the create a check run API (https://developer.github.com/v3/checks/runs/#create-a-check-run), I am getting a 401 response with the message "Bad Credentials". I am changing the accept header to the value listed on the create a check run page (have also tried with the accept header from authenticated app api). Looking for some help to figure out where I am going wrong. Should the JWT be modified to access check run endpoints or should the same JWT work?

Followed these directions on authenticating with apps:
https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/

Below is the Raw Request and Response from one of my attempts. As far as I can tell this should work according to the documentation. I've also made sure my app has the checks:write permission and is subscribed to the check_suite and check_run webhooks. I am getting data on my server from the check_suite webhook and know that is working.

RAW Request (Omitted some private data)

POST https://api.github.com/repos/AJNielsen/DarkRelativity/check-runs HTTP/1.1
Authorization: Bearer OMITTED
Content-Type: application/json
Content-Length: 355
Host: api.github.com
User-Agent: mdtapp001
Accept: application/vnd.github.antiope-preview+json

{"name":"MyFirstCheck","head_sha":"0054662f1565831624186f590d4dbad87e07bcd6","status":"queued","started_at":"2018-11-01T16:30:00Z","output":{"title":"MyFirstCheckTitle","summary":"Checking your codes","text":"This is text data.","images":[{"alt":"A link","image_url":"OMITTED","caption":"A captioned link"}]}}

Raw Response

HTTP/1.1 401 Unauthorized
Date: Fri, 02 Nov 2018 16:16:03 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 83
Server: GitHub.com
Status: 401 Unauthorized
X-GitHub-Media-Type: github.antiope-preview; format=json
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 57
X-RateLimit-Reset: 1541178552
Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Content-Security-Policy: default-src 'none'
X-GitHub-Request-Id: E682:4A9A:5C35:732B:5BDC7838

{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

3 Replies
Highlighted
Solution
Copilot Lvl 3
Message 2 of 4

Re: Bad Credentials when creating a check run

You need to create an [installation token](https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticati...) using the JWT. That is the token you use to do other API calls. Note that it has an expiration and needs refreshed occasionally.

Copilot Lvl 2
Message 3 of 4

Re: Bad Credentials when creating a check run

Thanks! Sorry about wasting your time. I realize that I should have made that connection, but I kept reading the API as authenticating as a GitHub App and just got that stuck in my head that it should work. 

 

I went back to read the check run API and it doesn't mention using installation tokens for auth. It makes a lot of sense that it should be using an installation token especially since I went through installing the app.

 

Check Run API: https://developer.github.com/v3/checks/runs/

 

Ground Controller Lvl 1
Message 4 of 4

Re: Bad Credentials when creating a check run

Meaning after create a installation token via https://api.github.com/app/installations/{installation_id}/access_tokens using your previously generated JWT..... you're going to pass that generated token to the /check-runs create endpoint? as Bearer token?