OAuth App installation on organization #24878
-
Hi all, I currently have an OAuth app that is working for regular users. The app works great: users can log in on my application using OAuth and I can then query the API using the OAuth token. And I can also check out a repository using the OAuth token. Now, I want to be able to make my app available for an entire organization. However, an organization cannot log in via the OAuth login. And an organization account does not have an OAuth token. And I am using this to clone a repository and query the API. Also, I need to get the list of the organization members and I do not have that information when users purchase the application on the marketplace. My questions are then:
Is there any user that built an oauth app in the marketplace that has insight about this? That would be very helpful. Thanks!
Replies: 2 comments
-
OAuth tokens are essentially a way to impersonate a user with restrictions on what permissions are granted. So if the user can clone a repository from an organization, the OAuth token should be able to (with the correct scopes applied). The one wrinkle to this is that organizations can enable OAuth App Access Restrictions. This allows the organization to prevent any OAuth app that is not explicitly approved by the organization from accessing organization resources, even if the user has approved it for their own stuff. But what this means is that your application shouldn’t need any modifications to do what you want; you only need to help your users get the app approved for their organizations. I hope that helps!
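As an added example (not part of the original replies), this Python sketch shows how an app could tell a token that lacks a scope apart from an organization that has not approved the app, so it can prompt the user for the right fix. The sample responses are constructed, the 403 message wording is an assumption, and `diagnose` and its result labels are hypothetical names.

```python
import json

# Subset of GitHub's scope hierarchy: a broader scope implies the narrower ones.
IMPLIES = {"admin:org": {"write:org", "read:org"}, "write:org": {"read:org"}}

def granted_scopes(headers):
    """Expand the X-OAuth-Scopes response header into the full set of scopes."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    raw = lowered.get("x-oauth-scopes", "")
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    for scope in list(scopes):
        scopes |= IMPLIES.get(scope, set())
    return scopes

def diagnose(status, headers, body, needed):
    """Classify one API response for a call against an organization resource."""
    missing = set(needed) - granted_scopes(headers)
    if missing:
        # The user never granted this scope: send them through authorization again.
        return "missing_scope:" + ",".join(sorted(missing))
    payload = json.loads(body) if body else None
    message = payload.get("message", "") if isinstance(payload, dict) else ""
    if status == 403 and "oauth app access restrictions" in message.lower():
        # Scopes are fine, but the organization has not approved this OAuth app.
        # Matching on this phrase is an assumption about the error text.
        return "org_approval_required"
    return "ok" if 200 <= status < 300 else "other_error"

# Constructed sample responses (status, headers, body); not captured from a real API call.
NEEDED = ["repo", "read:org"]
RESTRICTED = (403, {"X-OAuth-Scopes": "repo, read:org"},
              '{"message": "The `example-org` organization has enabled '
              'OAuth App access restrictions."}')
NO_ORG_SCOPE = (200, {"x-oauth-scopes": "repo"}, "[]")
APPROVED = (200, {"X-OAuth-Scopes": "repo, admin:org"}, '[{"login": "octocat"}]')

if __name__ == "__main__":
    for name, sample in [("restricted", RESTRICTED), ("no org scope", NO_ORG_SCOPE),
                         ("approved", APPROVED)]:
        print(name, "->", diagnose(*sample, needed=NEEDED))
```
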
-
Thanks for the detailed reply, very helpful!