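/// <summary>
/// Returns a GitHub token for the "microsoftgraph" installation of the GitHub App.
/// </summary>
/// <remarks>
/// Resolution order: a token supplied directly in configuration, then a cached installation
/// token, and finally a freshly minted one. Minting reads the app's RSA private key from
/// Azure Key Vault, signs a short-lived JWT with it, and exchanges that JWT for an
/// installation token, which is cached until the expiry GitHub reports.
/// The private key, the JWT and the installation token are all secrets: keep them out of
/// logs, telemetry and exception messages.
/// </remarks>
/// <returns>installation token</returns>
/// <exception cref="InvalidOperationException">
/// The Key Vault secret contains no key material, or the app has no installation for the
/// "microsoftgraph" account.
/// </exception>
internal async Task<string> GetGithubAppToken()
{
    const string pemHeader = "-----BEGIN RSA PRIVATE KEY-----";
    const string pemFooter = "-----END RSA PRIVATE KEY-----";
    const string installationLogin = "microsoftgraph";

    // A token set directly in configuration takes precedence over the GitHub App flow.
    var configuredToken = _configuration[Constants.GitHubToken];
    if (!string.IsNullOrEmpty(configuredToken))
    {
        return configuredToken;
    }

    if (_cache.TryGetValue(Constants.GitHubToken, out string token))
    {
        return token;
    }

    var keyIdentifier = _configuration[Constants.KeyIdentifier];

    // Fetch the app's private key from Azure Key Vault.
    var client = GetAzureKeyVaultClient();
    var certificateBundle = await client.GetSecretAsync(keyIdentifier);

    // The stored PEM lacks the newlines around its markers, which breaks parsing, so the
    // body is cut out and re-wrapped below. Guard each step so an empty or malformed secret
    // fails with a clear error instead of an index or null-reference exception. The error
    // text deliberately carries no part of the secret.
    var secretValue = certificateBundle.Value;
    var afterHeader = string.IsNullOrWhiteSpace(secretValue)
        ? Array.Empty<string>()
        : secretValue.Split(pemHeader, StringSplitOptions.RemoveEmptyEntries);
    var keyBody = afterHeader.Length > 0
        ? afterHeader[0].Split(pemFooter, StringSplitOptions.RemoveEmptyEntries)
        : afterHeader;
    if (keyBody.Length == 0)
    {
        throw new InvalidOperationException(
            "The Key Vault secret for the GitHub App private key contains no key material.");
    }

    string key = pemHeader + "\r\n" + keyBody[0] + "\r\n" + pemFooter;

    // "iss" is the GitHub App's ID, hard-coded here.
    // NOTE(review): GitHub's documentation recommends backdating "iat" by about 60 seconds and
    // caps "exp" at 10 minutes ahead; with exactly +600s a local clock running fast may get
    // the JWT rejected - consider tightening both values.
    var utcNow = DateTime.UtcNow;
    var payload = new Dictionary<string, object>
    {
        { "iat", ToUtcSeconds(utcNow) },
        { "exp", ToUtcSeconds(utcNow.AddSeconds(600)) },
        { "iss", 62050 }
    };
    var jwtToken = JWTHelper.CreateEncodedJwtToken(key, payload);

    // Pass the JWT as a Bearer token to Octokit.net
    var appClient = new GitHubClient(new ProductHeaderValue(_configuration.GetValue<string>("product")))
    {
        Credentials = new Credentials(jwtToken, AuthenticationType.Bearer)
    };

    // Find the installation that belongs to the microsoftgraph account. The original
    // dereferenced FirstOrDefault() directly and crashed with a NullReferenceException when
    // the app was not installed there.
    var installations = await appClient.GitHubApps.GetAllInstallationsForCurrent();
    var installation = installations.FirstOrDefault(candidate => candidate.Account?.Login == installationLogin);
    if (installation is null)
    {
        throw new InvalidOperationException(
            $"The GitHub App has no installation for the '{installationLogin}' account.");
    }

    // Create an installation token for that installation.
    var response = await appClient.GitHubApps.CreateInstallationToken(installation.Id);
    token = response.Token;

    // Expire the cache entry together with the token.
    // NOTE(review): a caller can still receive a token moments before it expires; consider
    // evicting a little earlier than response.ExpiresAt.
    var cacheEntryOptions = new MemoryCacheEntryOptions().SetAbsoluteExpiration(response.ExpiresAt);
    _cache.Set(Constants.GitHubToken, token, cacheEntryOptions);

    return token;
}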