Skip to content

fix: app_bot_login fails to initialize — GET /user not available to GitHub App installation tokens #1113

Description

@rnetser

Problem

app_bot_login fails to initialize because the code uses get_user().login — an endpoint (GET /user) that is not available to GitHub App installation tokens. This is a GitHub platform limitation, not a permissions issue. Installation tokens authenticate as an app, not a user, so GET /user always returns 403.

Root Cause

webhook_server/libs/github_api.py line 555:

lambda: _github_app_api.get_user().login  # always 403 for app tokens

Impact

Feature Normal behavior When app_bot_login is empty
/cherry-pick-retry Finds old failed cherry-pick PR → closes it → creates fresh retry Skips close → duplicate cherry-pick PRs pile up
/rebase on bot PRs Only assignee or maintainer can rebase Any valid command runner can rebase (auth degradation)

Additionally, the error traceback is logged on every webhook event, spamming server logs.

Proposed Fix

Replace get_user().login with GET /app{app.slug}[bot]:

app = _github_app_api.get_app()
self.app_bot_login = f"{app.slug}[bot]"

GET /app is designed for app tokens and returns the app metadata including slug.

Done

  • Replace get_user().login with get_app().slug + [bot] suffix in github_api.py
  • Update tests
  • Verify no other code uses get_user() on app installation tokens

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions