GitHub Apps and OAuth
2 Primary ways to access GitHub content of a user
- GitHub app
- OAuth app
An OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization.
e.g. Vercel commenting on PR with link to preview -> GitHub app
Apps have access to repos defined in an installation, which is scoped to a specific user/organization.
You can find your app at https://github.com/apps/your-app. Here, a user can install the app or configure installations of it.
You can jump to installation configuration at https://github.com/apps/your-app/installations/new
which shows a screen like
- Login with GitHub button
- User goes through OAuth flow and can see your app in the "Authorized OAuth Apps" section in GH settings
- Create installation for scope
- User is redirected (typically displayed in popup) to github.com/apps/your-app/installations/new where they can configure what repos the app has access to
- Show list of repos in your UI and let user select
- Fetch all repos that your installations for the user have access to (personal account, any orgs they have added installation to)
For an installation to create GitHub repo you need administration write permissions
You can create a repo as an OAuth app, but then to listen to webhooks and stuff on it later, you need to be an installation.