Skip to content

Adaptive Enforcement Lab

Token Refresh Patterns

adaptive-enforcement-lab/adaptive-enforcement-lab-com

Token Refresh Patterns¶

Token Expiration¶

Installation tokens expire after 1 hour.

sequenceDiagram

%% Ghostty Hardcore Theme
    participant W as Workflow
    participant A as Action
    participant G as GitHub API
    participant R as Repository

    W->>A: Create token (app-id + private-key)
    A->>G: Request installation token
    G->>A: Return token (valid 1 hour)
    A->>W: Output token
    W->>R: API operations
    R->>W: Success

    Note over A,G: Token valid for 60 minutes
    Note over W,R: Automatic refresh on next call

    W->>A: Create token (same job, later)
    A->>G: Request new token
    G->>A: Return fresh token
    A->>W: Output new token

Automatic Token Refresh¶

The action automatically generates fresh tokens on each call.

jobs:
  long-running:
    runs-on: ubuntu-latest
    steps:
      - name: Initial token
        id: token1
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.CORE_APP_ID }}
          private-key: ${{ secrets.CORE_APP_PRIVATE_KEY }}
          owner: adaptive-enforcement-lab

      - name: Operation 1 (using token1)
        env:
          GH_TOKEN: ${{ steps.token1.outputs.token }}
        run: gh repo list adaptive-enforcement-lab --limit 50

      # ... 50 minutes of processing ...

      - name: Refresh token
        id: token2
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.CORE_APP_ID }}
          private-key: ${{ secrets.CORE_APP_PRIVATE_KEY }}
          owner: adaptive-enforcement-lab

      - name: Operation 2 (using fresh token2)
        env:
          GH_TOKEN: ${{ steps.token2.outputs.token }}
        run: gh repo list adaptive-enforcement-lab --limit 50

Token Refresh Strategy

For workflows longer than 30 minutes, regenerate tokens periodically to avoid expiration errors.

Error Handling for Expired Tokens¶

For workflows that may exceed token lifetime, regenerate tokens periodically or implement retry logic with token refresh between attempts.

Related Documentation¶

Token Generation - Creating installation tokens
Long Workflows - Managing tokens in extended workflows
Caching & Rate Limits - Token reuse strategies
Security Best Practices - Secure token handling

References¶

actions/create-github-app-token - Official action documentation
Installation Access Tokens

Comments