Listing private repos when migrating OAuth app to GitHub app

I have an OAuth app that's working fine. But my customers find the repo scope to be too overreaching because it wants to read/write all of their repositories. So I converted to a GitHub app. I can now install my app per repo. However, now I can’t list private repos, and the top-level flow starts there. Here are my steps:

  1. Redirect new user to auth flow (OAuth, scope=user:email)
  2. Exchange code for token (OAuth)
  3. List repos (OAuth token)
  4. Redirect to app install url for selected repo (GH app)

It is obvious I cannot list private repos because the scope doesn’t include repo. My question is how to do this right so that I can list private repos in step #3?

Your app should at least have metadata read-only permissions: https://developer.github.com/v3/apps/permissions/#metadata-permissions

Use the following API to query the installation list for the authenticated user: https://developer.github.com/v3/apps/#list-installations-for-user

1 Like
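The flow this answer points to, as an added example that is not part of the original thread: with the user token from step 2, list the user's installations, then the repositories (private included) reachable through each one, so no `repo` scope is needed. The per-installation endpoint `GET /user/installations/{installation_id}/repositories` is not named in the thread; the token and sample responses are constructed so the code runs offline.

```python
import json
import urllib.request

API = "https://api.github.com"

def github_get(token, path, params=""):
    """Real transport: GET with the user's token (not used by the offline sample)."""
    req = urllib.request.Request(f"{API}{path}{params}", headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def paged(get, token, path, key, per_page=100):
    """Walk page=1,2,... until a short page; `key` is the list field in the body."""
    page = 1
    while True:
        items = get(token, path, f"?per_page={per_page}&page={page}").get(key, [])
        yield from items
        if len(items) < per_page:
            return
        page += 1

def repos_visible_through_app(token, get=github_get, per_page=100):
    """Map installation account login -> repos this user can reach via the app."""
    result = {}
    for inst in paged(get, token, "/user/installations", "installations", per_page):
        # Assumption: per-installation repo listing endpoint (not named in the thread).
        path = f"/user/installations/{inst['id']}/repositories"
        result.setdefault(inst["account"]["login"], []).extend(
            {"full_name": r["full_name"], "private": r["private"]}
            for r in paged(get, token, path, "repositories", per_page))
    return result

# Constructed sample responses standing in for the API.
FAKE = {
    "/user/installations": [{"id": 101, "account": {"login": "octo-org"}}],
    "/user/installations/101/repositories": [
        {"full_name": "octo-org/billing", "private": True},
        {"full_name": "octo-org/site", "private": False},
        {"full_name": "octo-org/infra", "private": True},
    ],
}

def fake_get(token, path, params=""):
    """Offline stand-in for github_get that honours per_page and page."""
    q = dict(p.split("=") for p in params.lstrip("?").split("&"))
    n, page = int(q["per_page"]), int(q["page"])
    key = "repositories" if path.endswith("/repositories") else "installations"
    return {key: FAKE[path][(page - 1) * n: page * n]}
```

The result only contains repositories where the app is installed and the user has access, which is the narrower visibility the customers asked for.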