Creating an Installation Access token for only Public repos

Is it possible to create an Installation Access Token that only gives access to clone public repos without giving any access to private repos?

We’re using GitHub Enterprise Server so public repos still require authentication. We want to make a token from our GitHub app that provides authentication to public repos but does not expose any private repos. I’ve already tried providing an empty list of repository_ids but that gives access to everything. We also can’t always select a public repo to pass in to repository_ids because that might not always exist. I’ve looked through the docs and could not find anything relevant.


Welcome to the GitHub Support Community, @wesley-luk-apple! Thanks for asking this question. :+1:

It’s possible to create an installation access token that only has access to select public repositories. As you’ve observed, there’s a repository_ids field that lets you specify which repositories that installation access token will have access to. To clarify, there’s not a specific option that you could specify in the parameters targeting repositories by their visibility (like repositories: {all, public, private}).

While I’m not sure what specifying the value of an empty list for that field will do, the approach the documentation recommends is making a request that lists the repositories accessible to the app installation. The response will include a repositories field that has an Array value, where each element represents the repository it has access to. Each element has a private field that you can check, where "private": false means it’s a public repository and "private": true means it’s a private repository. In this way, you can write a script that filters this dataset for public repositories and creates the installation token scoped to the ones chosen.
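A sketch of the filtering script described in the reply above, added here as an example and not part of the original thread. It assumes a placeholder GHES hostname, an app JWT created elsewhere, and that the app holds the `contents` permission; it refuses to request a token when no public repository exists, since the question reports that an empty `repository_ids` list grants access to everything.

```python
import json
import urllib.request

API = "https://ghes.example.com/api/v3"  # assumption: placeholder GHES hostname

# Constructed sample of one list-repositories response page (not real data).
SAMPLE_PAGES = [{"repositories": [{"id": 3, "private": False}, {"id": 1, "private": True}, {"id": 7}]}]

def _call(method, path, bearer, body=None):
    """Send one authenticated REST request and return the decoded JSON body."""
    req = urllib.request.Request(
        API + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": "Bearer " + bearer,
                 "Accept": "application/vnd.github+json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def public_repo_ids(pages):
    """IDs of repositories whose "private" field is exactly false."""
    ids = set()
    for page in pages:
        for repo in page["repositories"]:
            if repo.get("private") is False:  # missing field: treat as private
                ids.add(repo["id"])
    return sorted(ids)

def scoped_token_body(ids):
    """Request body for a clone-only token; never returns an empty scope."""
    if not ids:
        # The question reports that an empty repository_ids list grants
        # access to everything, so fail closed instead of sending it.
        raise ValueError("no public repositories; not requesting a token")
    return {"repository_ids": ids, "permissions": {"contents": "read"}}

def mint_public_only_token(app_jwt, installation_id):
    """List with a short-lived broad token, then mint the narrowed one."""
    path = f"/app/installations/{installation_id}/access_tokens"
    broad = _call("POST", path, app_jwt)["token"]  # stays on this host
    pages, page = [], 1
    while True:
        data = _call("GET",
                     f"/installation/repositories?per_page=100&page={page}", broad)
        pages.append(data)
        if len(data["repositories"]) < 100:
            break
        page += 1
    return _call("POST", path, app_jwt, scoped_token_body(public_repo_ids(pages)))["token"]
```

Only the token returned by `mint_public_only_token` should be handed to clone jobs; the intermediate token used for listing covers every repository in the installation and should not leave the server.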