What is the difference between authorization and installation of a GitHub app? #87199
-
Select Topic AreaQuestion BodyI have read https://docs.github.com/en/apps/using-github-apps/authorizing-github-apps#difference-between-authorization-and-installation, but the difference is still not clear. Do authorization and installation provide two disjoint sets of functions? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
Authorization and installation in the context of GitHub Apps involve distinct but interconnected processes. Authorization is the act of granting specific permissions to a GitHub App its like specifying what actions it can perform on behalf of a user or organization. On the other hand, installation is the instance where the GitHub App is set up for a particular user or organization, establishing a link between the app and the associated repositories. The permissions granted during the authorization process apply within the scope of a specific installation. In short, authorization determines what the GitHub App is allowed to do, while installation enables it to carry out those actions in the context of a user or organization that has installed the app. |
Beta Was this translation helpful? Give feedback.
Authorization and installation of GitHub Apps serve different purposes and are used in different contexts.
Authorization is about granting a GitHub App permissions to access certain data. When a user authorizes a GitHub App, they're giving it the rights to act on their behalf, which could include reading their profile information, writing to their repositories, etc. This is typically done via OAuth, and results in the app obtaining an access token it can use to make authenticated requests on behalf of the user.
Installation, on the other hand, is about associating a GitHub App with a specific user or organization's repositories. When a GitHub App is installed, it's given access to the rep…