Description
Terraform Version
Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.
0.13.5
Affected Resource(s)
All github resources that require authentication.
Terraform Configuration Files
provider "github" {
  owner = "MyOrg"
  app_auth {
    # correct values are set on the command line
  }
}
Debug Output
Mon, 15 Nov 2021 00:50:18 GMT
/home/runner/work/_temp/82078d0e-8462-4088-a73b-519aff5c7a56/terraform-bin refresh --parallelism 50
Mon, 15 Nov 2021 00:50:46 GMT
module.my_module.data.github_team.core: Refreshing state... [id=...34]
[...many successful objects being refreshed...]
Mon, 15 Nov 2021 01:50:48 GMT
aws_iam_user_policy.tf_user: Refreshing state... [id=my-repo:state-access]
Mon, 15 Nov 2021 01:50:48 GMT
Error: GET https://api.github.com/repos/MyOrg/my-repo: 403 API rate limit of 60 still exceeded until 2021-11-15 02:50:44 +0000 UTC, not making remote request. [rate reset in 59m57s]
Panic Output
None
Expected Behavior
Authentication should be valid for as long as it takes terraform to run.
Actual Behavior
Credentials time out after an hour. Installation Access Tokens are valid for exactly one hour:
Installation access tokens have the permissions configured by the GitHub App and expire after one hour.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform refresh
Important Factoids
We have a very large set of repositories managed by the github provider. In attempting to switch from OAuth token authentication to GH Apps authentication, we have discovered that after approximately an hour (+ a few seconds usually) we start getting 403s to resources that are expressly allowed by our GH App permissions.
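
A run like the one reported above outlives a single installation access token, so the client has to mint a replacement before the one-hour expiry rather than reuse the first token for the whole run. The following is an added Go example, not code from the provider or from the issue author; `RefreshingToken`, its `Mint` hook, `SimulateRun` and the five-minute skew are hypothetical, and the token values and clock are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// RefreshingToken caches a token and re-mints it shortly before expiry.
type RefreshingToken struct {
	mu      sync.Mutex
	Mint    func() (string, time.Time, error) // hypothetical hook: new token + expiry
	Now     func() time.Time                  // injectable clock, so expiry is testable
	Skew    time.Duration                     // refresh this long before expiry
	token   string
	expires time.Time
}

// Token returns a token valid for at least Skew, minting a new one if needed.
func (r *RefreshingToken) Token() (string, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.token != "" && r.Now().Before(r.expires.Add(-r.Skew)) {
		return r.token, nil
	}
	tok, exp, err := r.Mint()
	if err != nil {
		return "", fmt.Errorf("minting installation token: %w", err)
	}
	r.token, r.expires = tok, exp
	return tok, nil
}

// SimulateRun counts mints over a constructed run; each token lives one hour.
func SimulateRun(total, step time.Duration) (mints int, err error) {
	clock := time.Date(2021, 11, 15, 0, 50, 18, 0, time.UTC) // constructed start
	rt := &RefreshingToken{Skew: 5 * time.Minute, Now: func() time.Time { return clock }}
	rt.Mint = func() (string, time.Time, error) {
		mints++
		return fmt.Sprintf("constructed-token-%d", mints), clock.Add(time.Hour), nil
	}
	for end := clock.Add(total); err == nil && !clock.After(end); clock = clock.Add(step) {
		_, err = rt.Token()
	}
	return mints, err
}

func main() {
	fmt.Println(SimulateRun(150*time.Minute, time.Minute)) // mints, error
}
```

The mutex matters when many requests share one token holder, as with a high `--parallelism` value: only one caller mints while the others wait for the refreshed token.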