GitHub App Auth Flow

GitHub Apps are commonly mistaken for OAuth Apps due to their similarities but understanding the differences between them will help you decide which kind of app you want to create.

In a nutshell, an OAuth App acts as a GitHub user, whereas a GitHub App uses its own identity when installed on an organization or on repositories within an organization. For a comprehensive comparision please refer to the official GitHub documentation.

For this guide, we are going assume that you are using a GitHub App.


Assuming that your GitHub app has already been installed on either a user or an organization, the programmatic flow the developer must follow in order to be able to authenticate on their behalf is:


Multiple GitHub instances will have to be created and each of them will be using a different authentication mechanism. Some actions are only accessible if you are authenticated as a GitHub App while others will only be possible if you are authenticated on behalf of a user or org.


In order to follow this guide, you must have:

  • A GitHub App created as described here
  • A Private Key must be configured in your GitHub App as described here
  • A User or an organisation that has already installed your GitHub App as described here

What next?