What is "User authorization callback URL" for? #24665
-
I’ve set “User authorization callback URL” in my “Github App” settings and when a user installed my app, they are not taken to that URL.
I expected the user to be taken to the URL I’ve entered for “User authorization callback URL” not taken to the github installations page. I tried to set the “Setup URL (optional)” and this gives me the desired behavior. What is “User authorization callback URL” for? |
Beta Was this translation helpful? Give feedback.
Replies: 11 comments
-
Hi @unformatt, Thanks for being here! Per the docs did you set up a route to specify what the callback should do? |
Beta Was this translation helpful? Give feedback.
-
Hi AndreaG, Yes, my server is ready to accept the callback URL. However, Github is not redirecting the user to the callback URL. It’s not a matter of 404 as mentioned in your link. Github is redirecting back to Github, not my site. Thanks Matt |
Beta Was this translation helpful? Give feedback.
-
Hi @unformatt, Did you ever solve this? I have the exact same problem - the “User authorization callback URL” appears to be a no-op. The user is never brought there, and no messages are sent to that URL, it just redirects to https://github.com/settings/installations/xxxx. |
Beta Was this translation helpful? Give feedback.
-
@jonathan-marcus - I can’t remember how I got around it. I think when the user first installs the apps, it works (i.e. redirects) but after that, if they just updated settings, it does not redirect. I never found a way around it. Very bad UX for my users. |
Beta Was this translation helpful? Give feedback.
-
Yeah, it’s not good. I don’t remember all the different combinations I’ve tried, but I currently have “Request user authorization (OAuth) during installation” checked and it does send me to this URL. I tried having the “Setup URL” specified also, but I was never able to get it really correct. I am okay right now, I do get a redirect after the GitHub app is installed, but it feels very fragile. |
Beta Was this translation helpful? Give feedback.
-
👋 @unformatt! There are two types of API authorization for GitHub Apps:
unformatt:
The “User authorization callback URL” is the URL that people are redirected to after they authorize your GitHub App to act on their behalf. This is the user-to-server OAuth flow for GitHub Apps. For example, a user could visit https://github.com/login/oauth/authorize?client_id=Iv1.YourAppsClientIdHere and, if they agreed, click the “Authorize” button to grant your App authority to act on their behalf. The “Setup URL” is the URL that people are redirected to after they install your App (either on their own user account, or on an organization to which they have access). Having your App installed somewhere is a prerequisite for authenticating as an installation (server-to-server). These two things can happen independently, so there are two different URLs in the App’s settings that you can configure. If you check the “Request user authorization (OAuth) during installation” box, user’s will always be asked to authorize (OAuth) your App when it’s installed and they will always be redirected to your App’s “User authorization callback URL” and not your App’s “Setup URL”.
unformatt:
In this case, if you always want your users to go through the OAuth flow after installation or updating their installation’s settings you should:
If you don’t need to use the OAuth flow with your GitHub App, then do the following:
Users will always be redirected to your “Setup URL” whenever your App is installed, or an installation’s settings updated (E.g. repositories added/removed). |
Beta Was this translation helpful? Give feedback.
-
@jamesmartin I have a usecase where I want users to be redirected to my site which is deployed in multiple regions based on some parameter. How do I achieve that? |
Beta Was this translation helpful? Give feedback.
-
jeevanragula:
@jeevanragula there’s no simple way to achieve this currently. If you’re initiating a new installation of your App via
jeevanragula:
No, that’s not possible today. Can you explain the need for multiple Webhook URLs, please? 🤔 |
Beta Was this translation helpful? Give feedback.
-
jamesmartin:
@jamesmartin Thanks for your answer. |
Beta Was this translation helpful? Give feedback.
-
jeevanragula:
@jeevanragula thanks for explaining. How do you decide which region a GitHub App installation will be associated with? Is this decision made by the installing user? Can an installation only be associated with a single region? |
Beta Was this translation helpful? Give feedback.
👋 @unformatt!
There are two types of API authorization for GitHub Apps:
The “User authorization callback URL” is the URL that people are redirected to after they authorize your GitHub App to act on their behalf. This is the user-to-server OAuth flow for GitHub Apps.
For example, a user could visit https://githu…