GitHub Apps Authentication
Use GitHub Apps for Authentication
The preferred method of integration, as suggested by GitHub Documentation, is the utilization of GitHub Apps over OAuth Applications. Outstatic has built-in support to seamlessly integrate with Github Apps.
Follow the steps below to create a new GitHub App:
1. Register a New Application
First go to the "Register a new GitHub App" page on GitHub by clicking here.
2. Name Your Application
Enter a name for your application, such as "Outstatic Blog".
3. Set Homepage URL
Enter any valid URL as the Homepage URL. This can be updated later to your actual website URL.
4. Configure Callback URL
Set the Callback URL to https://my-website-name.com/api/outstatic/callback
. For local development, you can use http://localhost:3000/api/outstatic/callback
.
Optional: You can set multiple callbacks in case you want to use the same GitHub App for different environments (ex: production vs local development). You will need to set the OST_GITHUB_CALLBACK_URL
environment variable to the corresponding callback url on the environment.
5. Disable Webhooks
Unselect the "Active" option on the Webhook section.
6. Set Permissions
Outstatic requires read and write access to specific repositories. Navigate to "Repository permissions" > "Contents" and enable "Read and write". No other permissions are needed.
7. Select Account Scope
In the last section, select "Only on this account" if you are creating a repository on your personal account. For creating on other accounts, choose "Any account".
8. Create GitHub App
Click "Create GitHub App". You will be redirected to your application settings.
9. Retrieve Client ID & Generate Client Secret
Copy the Client ID from your application settings and generate a Client Secret by selecting "Generate a new client secret". These will be used for OST_GITHUB_ID
and OST_GITHUB_SECRET
respectively.
10. Install the Application
Go to "Install App" in your application settings and click "Install" for the account/organization where you want to add the repository.
11. Set Repository Permissions
Although providing permission to all repositories is possible, it is recommended to choose "Only select repositories" and add your desired repository. This permission can be modified later in the account/organization settings.
Then you only need to follow the Getting Started Guide to configure your application with the GitHub Apps Client ID and Client Secret values.