How to authenticate a bot as an installation

[trigaten]

Select Topic Area

Question

Body

I have written a Github bot that responds to issues and opens PRs. It is currently running on Heroku. Whenever it takes an action, the action shows up as being done from my personal account. I understand that this is because I am using a user access token from my account.

I would like the bot to act on its own behalf, not using my profile. This page in Github docs contains instructions on how to do this, but I am having difficulty following the article. It outlines three steps:

1. Generate a JSON web token (JWT) for your app.
   I have done this step.
2. Get the ID of the installation that you want to authenticate as.
   I am confused here. I looked at this page and ran the following, replacing with the JWT (is this correct)?

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>"\
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/app/installations/1

This was the response, which I do not know how to interpret:

{
  "message": "'Expiration time' claim ('exp') must be a numeric value representing the future time at which the assertion expires",
  "documentation_url": "https://docs.github.com/rest"
}

3. Send a REST API POST request to /app/installations/INSTALLATION_ID/access_tokens.
   I haven't gotten to this step yet. Overall, I don't understand why this complex process is necessary (I lack network/security background). Why couldn't I be able to just get a token from the bot page like I do for the user access token?

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬