What is the difference between authorization and installation of a GitHub app?

[palapapa]

Select Topic Area

Question

Body

I have read https://docs.github.com/en/apps/using-github-apps/authorizing-github-apps#difference-between-authorization-and-installation, but the difference is still not clear. Do authorization and installation provide two disjoint sets of functions?

[Ashishdheer]

Authorization and installation in the context of GitHub Apps involve distinct but interconnected processes. Authorization is the act of granting specific permissions to a GitHub App its like specifying what actions it can perform on behalf of a user or organization. On the other hand, installation is the instance where the GitHub App is set up for a particular user or organization, establishing a link between the app and the associated repositories. The permissions granted during the authorization process apply within the scope of a specific installation. In short, authorization determines what the GitHub App is allowed to do, while installation enables it to carry out those actions in the context of a user or organization that has installed the app.

[palapapa]

Could you give some examples of when an installation is required to achieve something? I was reading https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-a-user-access-token-for-a-github-app and it seems like with authorization alone, I can generate a user access token with the permissions that I specified in the GitHub app to perform actions on behalf of the user. In that case, why would I ever need to install a GitHub app?

[palapapa]

If during the authorization process, the app can request to have write permissions to all repos, doesn't it make an installation pointless? Can't I just use the token I got from the authorization process to write to any repo I want? Is the only difference between them about knowing which repos to act on?