Skip to content

Migrate from PATs to a full OAuth GitHub App Installation flow #28

Description

@SHAURYASANYAL3

🛑 The Problem

Right now, ForgeLens uses a single global Personal Access Token (PAT). This means it can only analyze public open-source repositories. If a company wants to use ForgeLens to measure their private internal repositories, our system simply cannot access them.

💡 The Solution

We must upgrade our architecture from a script-like PAT approach to a full GitHub App installation flow. Users will authenticate via OAuth and grant ForgeLens access to specific private repos.

🛠️ Implementation Details

  1. Register a GitHub App in the developer portal.
  2. Implement the OAuth callback endpoint in Next.js.
  3. Store the User-to-Server token or Installation ID securely in the database.
  4. Refactor the Octokit client initialization to use @octokit/auth-app or @octokit/auth-oauth-user depending on the context.
  5. Ensure Row Level Security (RLS) guarantees users cannot query repositories they didn't authorize.

✅ Acceptance Criteria

  • Users can log in via GitHub.
  • Users can select which private repositories to grant access to.
  • The Inngest worker successfully fetches data using the App installation token.

Ready to tackle this? Comment .take below to get automatically assigned!

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions