GitHub
Authenticate via GitHub App installations or user OAuth for repository and issue access.
Auth Model
Installation + User OAuth
Dual-credential model. An App is first installed into an organization or workspace (yielding an installation credential), then individual users authorize within that installation context (yielding user credentials). Authpipe manages both lifecycles.
Connection Flow
// Get the bot/app token (installation-level) const { credential: botToken } = await authpipe.getCredential({ provider: 'github', tenantId: 'org_acme', credentialFor: 'installation', }); // Get a user-level token const { credential } = await authpipe.getCredential({ provider: 'github', tenantId: 'org_acme', userId: 'user_123', credentialFor: 'user', });
// Both credentials are always valid — Authpipe handles refresh // Install the App into a workspace <InstallButton provider="github" onInstall={(inst) => console.log('Installed!', inst)} />
Available Scopes
Permissions you can request when connecting to GitHub.
contents:read Read access to repository contents, commits, and branches
contents:write Read and write access to repository contents, commits, and branches
issues:read Read access to issues and related comments, labels, and milestones
issues:write Read and write access to issues and related comments, labels, and milestones
pull_requests:read Read access to pull requests and related comments and reviews
pull_requests:write Read and write access to pull requests and related comments and reviews
metadata:read Read access to repository metadata (always granted)
actions:read Read access to GitHub Actions workflow runs and artifacts
actions:write Read and write access to GitHub Actions workflow runs
checks:read Read access to check runs and check suites
checks:write Read and write access to check runs and check suites
deployments:read Read access to deployments and deployment statuses
deployments:write Read and write access to deployments and deployment statuses
environments:read Read access to environments and environment secrets
packages:read Read access to GitHub Packages
packages:write Read and write access to GitHub Packages
workflows:write Update GitHub Actions workflow files
members:read Read access to organization members and teams
administration:read Read access to repository administration settings
administration:write Read and write access to repository administration settings
webhooks:read Read access to webhooks configured on the repository
webhooks:write Read and write access to webhooks configured on the repository
repo Full control of private repositories
repo:status Read and write access to commit statuses
public_repo Access to public repositories only
read:user Read access to user profile data
user:email Read access to user email addresses
read:org Read access to organization membership and teams
write:org Read and write access to organization membership and teams
admin:org Full control of organizations, teams, and memberships
read:repo_hook Read access to repository webhooks
write:repo_hook Read and write access to repository webhooks
delete_repo Delete repositories
notifications Read access to notifications
gist Create and manage gists
workflow Update GitHub Actions workflow files
read:packages Download packages from GitHub Packages
write:packages Upload packages to GitHub Packages
project Full control of user and organization projects
admin:repo_hook Full control of repository webhooks
What Authpipe handles for GitHub
OAuth Orchestration
PKCE, state validation, callback handling, and provider-specific quirks — all automatic.
Encrypted Vault
AES-256-GCM encryption with per-tenant key isolation. OAuth tokens, API keys, and webhook secrets — never exposed to the frontend.
Silent Refresh
Proactive token refresh before expiry. SDK returns from local cache with zero latency.
Health Monitoring
Scheduled checks detect revoked tokens and expired credentials before users notice.
More Developer Tools providers
Algolia
Search and manage indices through Algolia using Application ID and API key authentication.
Azure DevOps
Access Azure DevOps repositories, pipelines, work items, and builds via Microsoft identity platform OAuth.
Bitbucket
Access Bitbucket repositories, pull requests, and account data via OAuth.
Buildkite
Manage CI/CD pipelines and builds through Buildkite using API key authentication.
Ready to connect GitHub?
Get your first 100 connections free. Set up in minutes with our SDK.