Linking a GitHub App Installation with your own server's user

I want to create a GitHub App but the app requires a user on my own server. When the App is public, everyone can install it, including people who don’t have an account on my server yet.

What is the proper way of solving this?

The best solution I can come up with is:

  1. The user installs the app on GitHub.

  2. The installation redirects to the “Setup URL” on my server.

  3. I can store the installationID and userID/email on my server and request the user to create an account with the same email address on my server.

  4. The user creates an account on my server with the same email as her GitHub email.

This feels kind of hacky… Is there a way to allow App installations only when the GitHub user already has an account on my own website?

If I’m understanding what you’re asking correctly, you want to have all installations of your GitHub App be associated with an account on your server. This is one of the scenarios that user-to-server App authorization is designed for. As you can see in the documentation on Authorizing users during installation, there is a specific workflow for that. Essentially, the user completes an OAuth workflow on your service, which creates or updates their account. You shouldn’t need to ask them to manually “use the same email as their GitHub account” because during the OAuth process, you can record their email from their GitHub account (so long as you request that permission in your OAuth configuration). So, if you do everything right, you shouldn’t need step 4 in your described workflow. The account should already be automatically created by your service in step 3.

Let us know if you have more questions.
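A sketch of the callback handler for the flow described in the answer, added here as an example (it is not code from either poster or from GitHub). It exchanges the `code` for a user access token and links the installation only if GitHub lists that `installation_id` among the user's installations, since the query parameter alone can be altered by whoever opens the URL. Assumptions: the function names, the injectable `http` parameter, and that the flow was started from your site with a `state` value kept in the session.

```python
import hmac
import json
import urllib.parse
import urllib.request

def http_json(method, url, token=None, form=None):
    """Default transport (hypothetical helper): one HTTPS request, JSON body decoded."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Accept", "application/json")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def link_installation(params, session_state, client_id, client_secret, http=http_json):
    """Return (github_user, installation_id) only when both are proven via the token."""
    # 1. CSRF check: the state echoed back must equal the one stored in the session.
    got = params.get("state", "").encode()
    if not session_state or not hmac.compare_digest(got, session_state.encode()):
        raise PermissionError("state mismatch")
    # 2. Exchange the one-time code for a user access token.
    tok = http("POST", "https://github.com/login/oauth/access_token",
               form={"client_id": client_id, "client_secret": client_secret,
                     "code": params["code"]})
    token = tok.get("access_token")
    if not token:
        raise PermissionError("code exchange failed")
    # 3. Identity comes from the token, never from query parameters.
    user = http("GET", "https://api.github.com/user", token=token)
    # 4. Accept installation_id only if GitHub says this user can access it.
    #    (Assumption: under 100 installations; otherwise follow pagination.)
    wanted = int(params["installation_id"])
    listing = http("GET", "https://api.github.com/user/installations?per_page=100",
                   token=token)
    if wanted not in {i["id"] for i in listing.get("installations", [])}:
        raise PermissionError("installation not accessible to this user")
    # email may be None when the user keeps it private or the permission is missing.
    return {"id": user["id"], "login": user["login"], "email": user.get("email")}, wanted
```

Key the local account on the numeric `id` rather than the email or login, because both of those can change on the GitHub side.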