From 6609c46c9bd37a1ab3d26680c6ca4116bb3681db Mon Sep 17 00:00:00 2001
From: Brian Ojeda <9335829+sgtoj@users.noreply.github.com>
Date: Sat, 6 Dec 2025 15:46:58 -0500
Subject: [PATCH] fix: use the correct github token getting membership info

---
 internal/github/client.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/internal/github/client.go b/internal/github/client.go
index 246cde9..6d05f39 100644
--- a/internal/github/client.go
+++ b/internal/github/client.go
@@ -179,12 +179,21 @@ func (c *Client) Do(ctx context.Context, req *http.Request) (*http.Response, err
 
 // GetAppSlug fetches the GitHub App slug identifier.
 // used to detect changes made by the app itself.
+// requires JWT authentication (not installation token).
 func (c *Client) GetAppSlug(ctx context.Context) (string, error) {
-	if err := c.ensureValidToken(ctx); err != nil {
-		return "", err
+	jwtToken, err := c.createJWT()
+	if err != nil {
+		return "", errors.Wrap(err, "failed to create jwt for app slug fetch")
+	}
+
+	ts := oauth2.StaticTokenSource(&oauth2.Token{AccessToken: jwtToken})
+	tc := oauth2.NewClient(ctx, ts)
+	appClient := github.NewClient(tc)
+	if c.baseURL != "" {
+		appClient.BaseURL, _ = appClient.BaseURL.Parse(c.baseURL)
 	}
 
-	app, _, err := c.client.Apps.Get(ctx, "")
+	app, _, err := appClient.Apps.Get(ctx, "")
 	if err != nil {
 		return "", errors.Wrapf(err, "failed to fetch app info for app id %d", c.appID)
 	}