Yes, my server is ready to accept the callback URL. However, GitHub is not redirecting the user to the callback URL. It’s not a matter of 404 as mentioned in your link. GitHub is redirecting back to GitHub, not my site.
Did you ever solve this? I have the exact same problem - the “User authorization callback URL” appears to be a no-op. The user is never brought there, and no messages are sent to that URL, it just redirects to https://github.com/settings/installations/xxxx.
@jonathan-marcus - I can’t remember how I got around it. I think when the user first installs the apps, it works (i.e. redirects) but after that, if they just updated settings, it does not redirect. I never found a way around it. Very bad UX for my users.
Yeah, it’s not good. I don’t remember all the different combinations I’ve tried, but I currently have “Request user authorization (OAuth) during installation” checked and it does send me to this URL. I tried having the “Setup URL” specified also, but I was never able to get it really correct. I am okay right now, I do get a redirect after the GitHub app is installed, but it feels very fragile.
There are two types of API authorization for GitHub Apps:
Server-to-server, where the App acts as itself and authenticates using an installation access token (tied to a specific installation)
User-to-server, where the App acts on behalf of a user and authenticates using an OAuth token (tied to a combination of the user and any installations on accounts the user has access to)
The “User authorization callback URL” is the URL that people are redirected to after they authorize your GitHub App to act on their behalf. This is the user-to-server OAuth flow for GitHub Apps.
The “Setup URL” is the URL that people are redirected to after they install your App (either on their own user account, or on an organization to which they have access). Having your App installed somewhere is a prerequisite for authenticating as an installation (server-to-server).
These two things can happen independently, so there are two different URLs in the App’s settings that you can configure.
If you check the “Request user authorization (OAuth) during installation” box, users will always be asked to authorize (OAuth) your App when it’s installed and they will always be redirected to your App’s “User authorization callback URL” and not your App’s “Setup URL”.
In this case, if you always want your users to go through the OAuth flow after installation or updating their installation’s settings you should:
Enter a URL in the “User authorization callback URL”
Check the “Request user authorization (OAuth) during installation” box
The “Setup URL” field will be disabled at this point
Check the “Redirect on update” box
If you don’t need to use the OAuth flow with your GitHub App, then do the following:
Leave the “User authorization callback URL” field blank
Uncheck the “Request user authorization (OAuth) during installation” box
Enter a URL in the “Setup URL” field
Check the “Redirect on update” box
Users will always be redirected to your “Setup URL” whenever your App is installed, or an installation’s settings are updated (e.g. repositories added/removed).
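An added example, not part of the thread and not GitHub's code: a sketch of how a single endpoint can tell the two redirects described above apart and what it may trust in each. The query parameter names (`code`, `state`, `installation_id`, `setup_action`) are the ones GitHub is understood to append to these redirects and are not stated in the posts; the function name, return keys and sample URLs are hypothetical.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

def classify_redirect(url, session_state=None):
    """Classify a redirect that GitHub sent to a GitHub App endpoint.

    session_state is the `state` value this app stored in the browser
    session when it started the flow itself, or None if it started none.
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    code = params.get("code")
    state = params.get("state")
    raw_id = params.get("installation_id")
    # Accept only a plain decimal id; anything else is dropped.
    ok = bool(raw_id) and raw_id.isascii() and raw_id.isdigit()
    installation_id = int(raw_id) if ok else None

    out = {
        "flow": "unknown",
        "setup_action": params.get("setup_action"),
        "installation_id": installation_id,
        # The id arrives in a browser redirect that anyone can forge. Treat
        # it as a hint until it is checked against the installations the
        # authorizing user can actually access.
        "installation_id_verified": False,
    }
    if code:
        # User-to-server: redirect to the "User authorization callback URL".
        if session_state is not None or state is not None:
            same = (session_state is not None and state is not None and
                    hmac.compare_digest(session_state.encode(), state.encode()))
            if not same:
                out["flow"] = "rejected_state_mismatch"
                return out
        # A flow started from GitHub's own install page carries no state.
        out["flow"] = ("oauth_during_install"
                       if installation_id is not None else "oauth")
    elif installation_id is not None:
        # No code: redirect to the "Setup URL" after an install or update.
        out["flow"] = "setup"
    return out

# Constructed sample redirects (hypothetical host and values).
SETUP = "https://app.example/github/setup?installation_id=42&setup_action=update"
OAUTH_INSTALL = ("https://app.example/github/callback"
                 "?code=abc123&installation_id=42&setup_action=install&state=s1")
```

In the `setup` case there is no `code`, so the handler has no user identity to check the installation against; the server still has to confirm who the visitor is before linking that installation to an account.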