Repository permissions for GitHub App Fake User

GitHub Apps get a user with username that looks like {APP_NAME}[bot]. It seems GitHub API in other places doesn’t respect such usernames. For example, I’m trying to get permissions for a user bors[bot] of bors app, I’m using this endpoint which uses username. It returns “none” permissions but should return “write” since the app has write access to the repository.

I think all endpoints that accept username should respect these bot usernames. Just wanted to let you know about that confusions and ask your opinion if it’s really a bug or we should work on a workaround somehow.

1 Like

Thanks for reaching out.

The problem is that GitHub Apps aren’t users, they’re apps. They don’t have a user page and don’t have a lot of information that apply to users, like a bio, a location, or other such fields. Additionally, GitHub Apps have much more fine-grained permissions than users do, so the user permission endpoint wouldn’t apply either. Because of this, it doesn’t make sense to return information on GitHub Apps via the user API endpoints.

I hope that helps. Let us know if you have any questions.

The isssue here is that there is no way to check permissions of another App from within my App. These permissions are nessesary to check for security reasons. This limits App to App interaction.

Also nowadays more and more Apps are commiting changes so I think this issue will be more and more important with time.

I’ll pass along the request for a feature for one App to check the permissions of another App. I can’t make a promise as to when or if such a feature will be implemented, but I’ll pass it along to the right people.

Thanks for reaching out.