Github App transferred to Organisation not showing "Install App" etc

I am trying to setup a Github App to give some scripts limited Admin rights to some repos in an Organisation. The Organisation is (I believe) under an Enterprise account - we are using this currently instead of having an Enterprise server. I have created the App, transferred it to the Organisation, and one of the Organisation Admins (which I an not) has set me as the manager. So far so good. However, although I can see the App in the Organisation Settings, there is no “Install App” button. Also trying to use it in scripting gives 401 (A JSON web token could not be decoded) errors trying to get hold of a “PAT” for the app - even though the Admin has installed it into the app.

There is obviously something wrong but I’m at a loss. Does anybody know of some extra logs that can be looked at or have a suggestion on how to approach this. We’ve tried deleting the app and retrying - no different. I should say this is the third app I’ve created for transferring into the organisation this way - so far it has just worked.

1 Like

We have paid support (I discovered) so raised a ticket on this and got a response. Not exactly what I was after, but I will copy it here in case somebody else benefits. Summary is that if you add Admin permission to the App, then any App Manager needs to be an Owner of the Organisation and not just an Administrator of some of the Organisation’s repos.

I quote:
The repository administration permission will be what’s removing the Install option for App Managers who aren’t organization owners. This is because the GitHub App permission requests access to a number of organization REST API endpoints, including:

  • /orgs/:org/repos
  • /teams/:team_id/repos/:owner/:repo
  • /teams/:team_id/repos/:owner/:repo

As these endpoints are outside the individual repository scope, only the organization owner can approve requests to add or change them. If this wasn’t the case, App Managers who aren’t organization owners would be able to grant an application the ability to view organization members and teams - which is private organization information that can otherwise only be granted by organization owners via inviting new organization members.

With the permissions structure as it stands, there is no way to grant a GitHub App the administrator role for organization repositories without this access being granted specifically by an organization owner.