githubappflow.apt

GitHub App Auth Flow

  GitHub Apps are commonly mistaken for OAuth Apps due to their similarities but understanding the differences between
  them will help you decide which kind of app you want to create.

  In a nutshell, an OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an
  organization or on repositories within an organization. For a comprehensive comparision please refer to the official
  GitHub {{{https://developer.github.com/apps/differences-between-apps/}documentation}}.

  For this guide, we are going assume that you are using a GitHub App.

Overview

  Assuming that your GitHub app has already been installed on either a user or an organization, the programmatic flow
  the developer must follow in order to be able to authenticate on their behalf is:

[images/GitHub_App_Auth_Flow.jpg] GitHub_App_Auth_Flow

  Multiple <<<GitHub>>> instances will have to be created and each of them will be using a different authentication
  mechanism. Some actions are only accessible if you are authenticated as a GitHub App while others will only be
  possible if you are authenticated on behalf of a user or org.

Prerequisites

  In order to follow this guide, you must have:

  * A GitHub App created as described {{{https://developer.github.com/apps/building-github-apps/creating-a-github-app/}here}}

  * A Private Key must be configured in your GitHub App as described {{{https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/#generating-a-private-key}here}}

  * A User or an organisation that has already installed your GitHub App as described {{{https://developer.github.com/apps/installing-github-apps/}here}}

  []

What next?

  * Authenticating as a GitHub App via the {{{/githubappjwtauth.html}JWT Authentication}}

  * Authenticating as an installation via the {{{/githubappappinsttokenauth.html}App Installation Token}}

  []