From 86f83346dd6eed8bdca3c93fd7901634ff54ee8c Mon Sep 17 00:00:00 2001
From: Jonathan Styles <github@jontyms.com>
Date: Sat, 6 Jun 2026 15:40:09 -0400
Subject: [PATCH] Fix GitHub App auth: pass app id as string JWT issuer

PyJWT >=2.10 rejects non-string `iss` claims, but core.py stored
GITHUBAPP_ID as an int and github3.py uses it directly as the JWT
issuer when minting the app token, causing:

    TypeError: Issuer (iss) must be a string.

Store the (still validated as numeric) app id as a string so the
issuer claim is valid. Keeps PyJWT current instead of pinning <2.10.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 githubapp/core.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/githubapp/core.py b/githubapp/core.py
index 18bc4f5..b91f520 100644
--- a/githubapp/core.py
+++ b/githubapp/core.py
@@ -35,7 +35,10 @@ def __init__(self, app=None):
 
     @staticmethod
     def load_env(app):
-        app.config["GITHUBAPP_ID"] = int(os.environ["APP_ID"])
+        # Validate APP_ID is numeric, but store it as a string: github3.py uses
+        # this value as the JWT `iss` claim, and PyJWT >=2.10 rejects non-string
+        # issuers ("Issuer (iss) must be a string.").
+        app.config["GITHUBAPP_ID"] = str(int(os.environ["APP_ID"]))
         app.config["GITHUBAPP_SECRET"] = os.environ["WEBHOOK_SECRET"]
         if "GHE_HOST" in os.environ:
             app.config["GITHUBAPP_URL"] = "https://{}".format(os.environ["GHE_HOST"])