Description
Hey folks 👋
While setting up Dex in a few different environments, I found it pretty tedious that I had to create a new GitHub OAuth App since there's a limitation of one callback URL per app while following the GitHub Connector docs.
I noticed in GitHub's docs they mention considering using a GitHub App over a GitHub OAuth App, as both can do OAuth 2.0 flows.
I switched my Dex configs to point to a GitHub App, and there are some advantages like being able to have up to 10 callback URLs per app now.
However, instructions are a little different, and you need to grant the app some additional scopes:
- Organization Permissions > Members: Read-only
- Account Permissions > Email Addresses: Read-only
- Account Permissions > Profile: Read and write
I'm not entirely sure why the Profile scope is needed, and there's no read-only option, which is a bit of a bummer, but it works anyway.
I know there are tradeoffs with this approach, but maybe it's worth mentioning in the Dex docs if you agree?