
Can Webhooks be used with a GitHub OAuth App?

So I've been reading GitHub developer docs and about webhooks they have the following statement:

Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com. When one of those events is triggered, we'll send a HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external issue tracker, trigger CI builds, update a backup mirror, or even deploy to your production server. You're only limited by your imagination.

However, about Apps they've also got this statement:

Apps on GitHub extend and improve existing workflows. People can purchase apps from GitHub Marketplace or browse useful tools and services that integrate with GitHub in Works with GitHub.

If you're building or adding integrations, this documentation will help get you up and running.

For support requests, bug reports, and discussions related to GitHub Apps (not OAuth Apps), use the GitHub Platform Forum. The forum allows you to collaborate with other integrators as well as engineers and product managers from GitHub.

If your request is about OAuth Apps, or if you need to discuss a private concern, please contact support directly.

This seems that Webhooks can only be used with GitHub Apps? The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?

Sasha Fonseca asked Jul 02 '17 20:07


1 Answer

Edit

Can Webhooks be used with a GitHub OAuth App?

Yes.

Webhooks allow you to build or set up GitHub Apps which subscribe to certain events on GitHub.com.

This is an incorrect statement. This should be 'an integration with GitHub' rather than 'GitHub Apps'.

This seems that Webhooks can only be used with GitHub Apps?

No. GitHub Apps include implicit support for Webhooks. OAuth Applications request tokens with a scope for write:repo_hook or admin:org_hook to register a Webhook on the Repository or Organization.

There is a guide for creating webhooks that suggests using the repo hooks or org hooks API endpoints.

The difference between GitHub Apps and GitHub OAuth Apps isn't very clear and I fail to see why an OAuth app would not be able to use Webhooks?

There is documentation that describes some differences between GitHub Apps and OAuth Apps.

TLDR advantages of GitHub Apps:

  • Granular Permissions
  • Option to use short-lived Tokens
  • GitHub Apps do not need to add a Webhook to a Repository or Organization
  • Avoids having Machine/Service Account users

Original

Webhooks allow your server/application to get notified whenever a specific event happens - regardless of whether you are using OAuth or GitHub App. Your application will then need to process an event and act accordingly.

Separately, your application will need to interact with GitHub's API to create, read, edit, or delete information. GitHub will usually require credentials to access or update specific information. Authentication to GitHub's API can use multiple methods:

  • None
  • Basic Authentication (username/password)
  • OAuth2 Token
  • Personal Access Token (PAT)
  • Installation Access Token

There are additional differences between legacy GitHub integrations and GitHub Apps.

  • Older integrations were based on OAuth2 and use a Token associated with a user's account. Integrations would interact with GitHub's API on behalf of a user - which is why some organizations would set up a machine user. Webhooks also need to be added explicitly.

  • GitHub Apps will interact with GitHub's API on its own behalf. You must explicitly grant a GitHub App access to an Organization or Repository which enables both Webhook and API access.

osowskit answered Oct 28 '22 09:10
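An added example, not part of the original answer and not GitHub's own code: how an OAuth App could check that its token carries a hook scope, build the repo hooks API request the answer refers to, and authenticate incoming deliveries with the hook secret (the signature check goes beyond what the answer covers). The owner, repository, callback URL, token and secret are constructed placeholders, and the request is built but never sent.

```python
import hashlib
import hmac
import json
import urllib.request

API = "https://api.github.com"
# OAuth scopes that permit creating repository hooks; write:repo_hook is the narrower grant.
HOOK_SCOPES = {"write:repo_hook", "admin:repo_hook"}


def can_register_repo_hook(x_oauth_scopes: str) -> bool:
    """Inspect the X-OAuth-Scopes response header GitHub returns for an OAuth token."""
    granted = {s.strip() for s in x_oauth_scopes.split(",") if s.strip()}
    return bool(granted & HOOK_SCOPES)


def build_create_hook_request(owner, repo, token, callback_url, secret, events=("push",)):
    """Build (without sending) POST /repos/{owner}/{repo}/hooks using an OAuth token."""
    body = {
        "name": "web",
        "active": True,
        "events": list(events),
        # The secret lets the receiver authenticate deliveries; content_type json
        # makes GitHub send the raw JSON document as the POST body.
        "config": {"url": callback_url, "content_type": "json", "secret": secret},
    }
    return urllib.request.Request(
        f"{API}/repos/{owner}/{repo}/hooks",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
        },
    )


def verify_delivery(secret: str, raw_body: bytes, signature_header: str) -> bool:
    """Validate the X-Hub-Signature-256 header over the raw body in constant time."""
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    expected = ("sha256=" + digest).encode()
    return hmac.compare_digest(expected, (signature_header or "").encode())
```

Compute the HMAC over the exact bytes received, before any JSON parsing or re-serialisation, and reject the delivery when the header is missing.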