sigmavirus24/github3.py

github3.exceptions.AuthenticationFailed: 401 'Expiration time' claim ('exp') must be a numeric value representing the future time at which the assertion expires

ashunikam4 opened this issue · 2 comments

Hello Team,
Firstly, thanks for your effort on the github3.py library. It works great for us.

Recently, we have come across an issue when authenticating an app as an installation using github3.github.GitHub.login_as_app_installation. We get the following error:

github3.exceptions.AuthenticationFailed: 401 'Expiration time' claim ('exp') must be a numeric value representing the future time at which the assertion expires

It seems this is a popular issue when authenticating a GitHub app using JWT tokens because of clock sync (ref#1, ref#2), and the fix seems to be having a large expiry time (maximum 10 mins allowed).

So, if you allow an argument like expire_in for github3.github.GitHub.login_as_app_installation, this should be resolved. Please let me know if I am missing something, or if there is a better solution than increasing the expiry time. Thanks.

If you'd like to send a pull request to add that as an optional keyword argument to

```python
def login_as_app_installation(
    self, private_key_pem, app_id, installation_id
):
    """Login using your GitHub App's installation credentials.

    .. versionadded:: 1.2.0

    .. seealso::

        `Authenticating as an Installation`_
            GitHub's documentation of authenticating as an installation.
        `Create a new installation token`_
            API Documentation

    .. note::

        This method makes an API call to retrieve the token.

    .. warning::

        This method expires after 1 hour.

    :param bytes private_key_pem:
        The bytes of the private key for this GitHub Application.
    :param int app_id:
        The integer identifier for this GitHub Application.
    :param int installation_id:
        The integer identifier of your App's installation.

    .. _Authenticating as an Installation:
        https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#authenticating-as-an-installation
    .. _Create a new installation token:
        https://developer.github.com/v3/apps/#create-a-new-installation-token
    """
    # NOTE(sigmavirus24): This JWT token does not need to last very long.
    # Instead of allowing it to stick around for 10 minutes, let's limit
    # it to 30 seconds.
    jwt_token = apps.create_token(private_key_pem, app_id, expire_in=30)
    bearer_auth = session.AppBearerTokenAuth(jwt_token, 30)
    url = self._build_url(
        "app", "installations", str(installation_id), "access_tokens"
    )
    with self.session.no_auth():
        response = self.session.post(
            url, auth=bearer_auth, headers=apps.APP_PREVIEW_HEADERS
        )
    json = self._json(response, 201)
    self.session.app_installation_token_auth(json)
```

I'd happily merge that. I'd like it to still default to 30s to keep the existing behaviour with documentation linking to what you've found and an explanation that one can increase that.

Sure. Thanks @sigmavirus24.
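
The clock-skew failure discussed in this thread, as an added example (not part of the issue and not github3.py code): it models the time checks on a GitHub App JWT and computes how much client/server clock difference a given `expire_in` tolerates. `build_claims`, `server_verdict`, `tolerated_skew` and the `backdate` parameter are hypothetical names, and the server-side checks are an assumed model based on the 401 message above and the 10-minute maximum mentioned in the issue.

```python
import time

MAX_EXPIRE_IN = 600  # 10-minute ceiling on 'exp', as noted in the issue
IAT_BACKDATE = 60    # GitHub's docs recommend setting 'iat' 60 s in the past


def build_claims(app_id, expire_in=30, backdate=0, now=None):
    """Time claims for an app JWT, computed from the *client's* clock."""
    if not 0 < expire_in <= MAX_EXPIRE_IN:
        raise ValueError("expire_in must be between 1 and 600 seconds")
    now = int(time.time()) if now is None else int(now)
    return {"iss": app_id, "iat": now - backdate, "exp": now + expire_in}


def server_verdict(claims, server_now):
    """Assumed model of the receiving side's checks, using the *server's* clock."""
    if claims["exp"] <= server_now:
        return "exp not in the future"      # the 401 reported in this issue
    if claims["exp"] - server_now > MAX_EXPIRE_IN:
        return "exp too far in the future"
    if claims["iat"] > server_now:
        return "iat in the future"
    return "ok"


def tolerated_skew(expire_in, backdate):
    """(min, max) of client clock minus server clock, in seconds, that passes."""
    server_now = 1_700_000_000  # constructed timestamp
    ok = [
        skew for skew in range(-700, 701)
        if server_verdict(
            build_claims(1, expire_in, backdate, now=server_now + skew),
            server_now,
        ) == "ok"
    ]
    return (min(ok), max(ok)) if ok else None


if __name__ == "__main__":
    for expire_in, backdate in [(30, 0), (540, IAT_BACKDATE), (600, IAT_BACKDATE)]:
        print(expire_in, backdate, tolerated_skew(expire_in, backdate))
```

Under this model a 30-second expiry with no backdating only survives a client clock up to 29 seconds slow, while requesting the full 600 seconds leaves no room for a client clock that runs fast; a value somewhat below the maximum combined with a backdated `iat` tolerates drift in both directions.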