GitHub Apps and OAuth

Two primary ways to access a user's GitHub content

  • GitHub app
  • OAuth app

Difference between them

An OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization.

e.g. Vercel commenting on a PR with a link to the preview -> GitHub App


Apps have access to repos defined in an installation, which is scoped to a specific user/organization.

You can find your app at https://github.com/apps/your-app. Here, a user can install the app or configure installations of it.

You can jump to installation configuration at https://github.com/apps/your-app/installations/new


Typical flow

  1. Login with GitHub button
    • User goes through OAuth flow and can see your app in the "Authorized OAuth Apps" section in GH settings
  2. Create installation for scope
    • User is redirected (typically displayed in popup) to github.com/apps/your-app/installations/new where they can configure what repos the app has access to
  3. Show list of repos in your UI and let user select
    • Fetch all repos that your installations for the user have access to (personal account, any orgs they have added an installation to)
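
Step 3 as an added example (not code from the original notes), assuming the login in step 1 yields a GitHub App user access token. Called with that token, `GET /user/installations` and `GET /user/installations/{installation_id}/repositories` return only repos that both the user and the installation can access, so the picker never lists a repo the logged-in user cannot see. `fetchImpl`, `fakeGitHub` and the sample data are constructed for the example.

```javascript
// Added example. Assumes `userToken` is the user access token from step 1
// and `fetchImpl` is any fetch-compatible function (hypothetical parameter).
const API = "https://api.github.com";

// Walk a paginated GitHub list endpoint and collect the array stored under `key`.
async function listAll(path, key, userToken, fetchImpl) {
  const items = [];
  for (let page = 1; ; page++) {
    const res = await fetchImpl(`${API}${path}?per_page=100&page=${page}`, {
      headers: { Authorization: `Bearer ${userToken}`, Accept: "application/vnd.github+json" },
    });
    if (!res.ok) throw new Error(`GitHub API ${res.status} for ${path}`);
    const body = await res.json();
    items.push(...body[key]);
    if (body[key].length === 0 || items.length >= body.total_count) return items;
  }
}

// Step 3: repos visible to BOTH this user and one of the app's installations.
async function listSelectableRepos(userToken, fetchImpl = fetch) {
  const installations = await listAll("/user/installations", "installations", userToken, fetchImpl);
  const repos = [];
  for (const inst of installations) {
    const path = `/user/installations/${inst.id}/repositories`;
    for (const r of await listAll(path, "repositories", userToken, fetchImpl)) {
      // Keep the installation id: later app calls for this repo go through it.
      repos.push({ installationId: inst.id, account: inst.account.login, fullName: r.full_name });
    }
  }
  return repos;
}

// Constructed stand-in for fetch so the example runs offline; all data is made up.
async function fakeGitHub(url, init) {
  const u = new URL(url);
  const data = {
    "/user/installations": { key: "installations", pages: [[{ id: 11, account: { login: "octo-user" } }, { id: 22, account: { login: "octo-org" } }]] },
    "/user/installations/11/repositories": { key: "repositories", pages: [[{ full_name: "octo-user/blog" }]] },
    "/user/installations/22/repositories": { key: "repositories", pages: [[{ full_name: "octo-org/api" }], [{ full_name: "octo-org/web" }]] },
  }[u.pathname];
  if (!data || init.headers.Authorization !== "Bearer constructed-user-token") {
    return { ok: false, status: 401, json: async () => ({}) };
  }
  const total = data.pages.flat().length;
  const items = data.pages[Number(u.searchParams.get("page")) - 1] || [];
  return { ok: true, status: 200, json: async () => ({ total_count: total, [data.key]: items }) };
}
```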

Creating Repos

For an installation to create a GitHub repo, it needs the Administration write permission.

You can create a repo as an OAuth app, but then to listen to webhooks and stuff on it later, you need to be an installation.

tags: web

Last Updated February 23, 2021