
I have a GitHub app set up for authentication for my webapp per https://developer.github.com/v3/guides/basics-of-authentication/. How can I set up my GitHub app so that only members of the organization can authenticate?

Thanks

Crou
mlbiam
  • have you read that: https://help.github.com/en/articles/enabling-oauth-app-access-restrictions-for-your-organization ? – Vasili Angapov May 12 '19 at 15:44
  • Yes, that doesn't limit who can authenticate via the app, only who can use it (which seems odd). – mlbiam May 12 '19 at 17:41
  • Did you try to use SSH authentication tokens? – desmaxi May 13 '19 at 13:52
  • If they are providing access tokens via the OAuth web flow, you can query whether they are a member of your Organization. If not, you can ignore them via server side logic. – osowskit May 13 '19 at 23:11
  • Though re-reading the OP. You may want to transfer ownership of the App to your organization and restrict the visibility to just the user/org. – osowskit May 13 '19 at 23:18

1 Answer


So there's no way to do this directly. You need to query if the user is a member of an authorized org. Seems odd to me, but that's the way this is handled in every implementation I've seen.

mlbiam
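The server-side check described in the answer and in osowskit's comment, as an added example that is not code from the original posts: once the OAuth web flow has returned an access token, ask GitHub for that user's membership in each allowed organization and refuse the login unless the membership is active. The names `github_get`, `is_active_org_member` and `example-org` are hypothetical, and the token is assumed to have been issued with the `read:org` scope.

```python
import json
import urllib.error
import urllib.request

API = "https://api.github.com"


def github_get(path, token):
    """Authenticated GET; returns (HTTP status, parsed JSON body or None)."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/vnd.github+json",
    })
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, None


def is_active_org_member(token, allowed_orgs, get=github_get):
    """True only if the token's user is an active member of an allowed org.

    Calls GET /user/memberships/orgs/{org}, which reports the authenticated
    user's own membership. Every other outcome (404, pending invitation,
    network or parse error) is treated as a denial, so the check fails closed.
    """
    for org in allowed_orgs:
        try:
            status, body = get("/user/memberships/orgs/" + org, token)
        except (OSError, ValueError):
            continue
        if status != 200 or not isinstance(body, dict):
            continue
        login = (body.get("organization") or {}).get("login", "")
        if body.get("state") == "active" and login.lower() == org.lower():
            return True
    return False


if __name__ == "__main__":
    # Constructed response: an invitation that has not been accepted yet.
    def stub(path, token):
        return 200, {"state": "pending", "organization": {"login": "example-org"}}
    print(is_active_org_member("constructed-token", ["example-org"], get=stub))
```

Run the check in the OAuth callback before creating the application session, and repeat it periodically if sessions are long-lived, since membership can be revoked after login.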