Add GitHub App authentication support #20106
Open
+1,549
−64
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add GitHubAppAuth class for GitHub App authentication - Implement JWT generation using RS256 algorithm - Add automatic installation token management with caching - Auto-refresh tokens when expired or within 5-minute buffer - Support for GitHub Enterprise Server via custom base_url - Add GitHubAppAuthenticationError for auth-specific errors - Token expires after 1 hour with automatic refresh This provides an alternative to Personal Access Tokens (PAT) with better security, rate limits, and organization-level access control.
- Add 25 test cases covering all authentication scenarios - Test JWT generation, token caching, and refresh logic - Test client initialization with GitHub App auth - Test mutual exclusivity with PAT authentication - Test error handling for invalid credentials and expired tokens - Test token expiry validation with proper buffer handling - All tests passing with 100% success rate - Note: Contains test RSA key (not real credentials)
- Update GithubClient, GitHubIssuesClient, and GitHubCollaboratorsClient - Add github_app_auth parameter as alternative to github_token - Add validation to ensure mutual exclusivity of auth methods - Implement async _get_auth_headers() method in all clients - Auto-fetch fresh installation tokens for GitHub App auth - Maintain full backward compatibility with PAT authentication - Add conditional imports with graceful degradation if PyJWT not installed
- Add [project.optional-dependencies] section with github-app group - Include PyJWT[crypto]>=2.8.0 for RS256 JWT signing - Users can install with: pip install llama-index-readers-github[github-app] - Does not affect existing installations using PAT authentication
- Add comprehensive Authentication section to README - Include step-by-step GitHub App setup guide - Add code examples for both PAT and GitHub App authentication - Document token management and troubleshooting - Update CHANGELOG with feature additions and compatibility notes - Clarify installation requirements for optional dependencies
- Add github_app_example.py with three practical usage examples - Add GITHUB_APP_QUICKSTART.md for quick setup reference - Add IMPLEMENTATION_SUMMARY.md with technical details - Include examples for basic usage, filtering, and token management - Document common issues and troubleshooting steps - Provide implementation decisions and test results - Note: Documentation contains example private key placeholders
dosubot
bot
added
the
size:XXL
AstraBert
reviewed
Oct 20, 2025
llama-index-integrations/readers/llama-index-readers-github/IMPLEMENTATION_SUMMARY.md
Outdated
Show resolved
Hide resolved
llama-index-integrations/readers/llama-index-readers-github/CHANGELOG.md
Outdated
Show resolved
Hide resolved
...ntegrations/readers/llama-index-readers-github/llama_index/readers/github/github_app_auth.py
Outdated
Show resolved
Hide resolved
llama-index-integrations/readers/llama-index-readers-github/pyproject.toml
Outdated
Show resolved
Hide resolved
|
Looks like tests are failing because of the absence of PyJWT, I would probably add it to the dev dependencies ( uv pip install pre-commit
pre-commit install
pre-commit run -a
git add .
git commit -m "ci: lint"
git push <your-origin> github-app-authentication |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds GitHub App authentication as an alternative to Personal Access Tokens (PAT) for the GitHub reader integration. Since PATs are tied to a personal account we need authentication via GitHub app This enhancement provides better security, higher rate limits, and organization-level access control while maintaining full backward compatibility with existing PAT-based authentication.
Key Changes:
GitHubAppAuthclass implementing JWT generation and installation token management with automatic refreshGithubClient,GitHubIssuesClient,GitHubCollaboratorsClient) to support dual authentication methods[github-app]extraBenefits:
Fixes # (no existing issue)
New Package?
Did I fill in the
tool.llamahubsection in thepyproject.tomland provide a detailed README.md for my new integration or package?Version Bump?
Did I bump the version in the
pyproject.tomlfile of the package I am updating? (Except for thellama-index-corepackage)Type of Change
Please delete options that are not relevant.
How Has This Been Tested?
Your pull-request will likely not be merged unless it is covered by some form of impactful unit testing.
Testing Details:
Suggested Checklist:
examples/github_app_example.pyuv run make format; uv run make lintto appease the lint gods (will run if required)Additional Notes:
Backward Compatibility:
Commits:
Documentation: