Open d12 opened 5 years ago
Making a note here that moving to a GitHub App would also allow us to use an installation token for rate limiting rather than our current strategy of picking a random org member's token, which would give us a higher rate limit overall and behave more consistently.
Next steps for migrating to a GitHub App:
I did some preliminary research on how we might migrate to a GitHub App. Some notes:
admin to use classroom in the foreseeable future (https://github.com/education/classroom/issues/765) we should use a combination of user-to-server and server-to-server requests. We would use a user-to-server request to determine what the current user has access to (for example a repo to use as a starter code repo as an assignment), and a server-to-server request to create the student repositories for that assignment.
Useful resources have been https://developer.github.com/apps/building-github-apps/authenticating-with-github-apps/ and advice from @mtodd ✨
This research is really valuable, thank you @spinecone! cc @femmebot as there may be design implications in the way we move forward here.
A next step could be putting together a plan for token management in a GitHub App world, since it looks like we're managing more than 1 type of token now (and we have to do some intermediate token generation type stuff). After that, giving a go at a spike would be valuable.
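The intermediate token generation discussed above, as an added example that is not from this thread or from the Classroom code base: the App signs a short-lived JWT, trades it for a per-installation (server-to-server) token, and caches that token until shortly before it expires. The names `app_jwt`, `installation_token_request` and `InstallationTokenCache` are hypothetical, the HTTP call is left to the caller's block, and the refresh margin is an assumed value.

```ruby
require "openssl"
require "base64"
require "json"

# JWT segments are base64url without padding.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Step 1: RS256 JWT that authenticates the App itself. GitHub rejects an
# exp more than 10 minutes ahead; iat is backdated to absorb clock drift.
def app_jwt(app_id, private_key, now: Time.now.to_i)
  claims = { iat: now - 60, exp: now + 540, iss: app_id.to_s }
  input = [{ alg: "RS256", typ: "JWT" }, claims]
          .map { |part| b64url(JSON.generate(part)) }.join(".")
  signature = private_key.sign(OpenSSL::Digest.new("SHA256"), input)
  "#{input}.#{b64url(signature)}"
end

# Step 2: the request that trades the JWT for an installation token,
# returned as data so the caller can send it with any HTTP client.
def installation_token_request(installation_id, jwt)
  { method: "POST",
    url: "https://api.github.com/app/installations/#{installation_id}/access_tokens",
    headers: { "Authorization" => "Bearer #{jwt}",
               "Accept" => "application/vnd.github+json" } }
end

# Step 3: one cached token per installation (org), re-minted shortly
# before expiry so no request goes out with a stale credential.
class InstallationTokenCache
  REFRESH_MARGIN = 300 # seconds; assumed value for this example

  def initialize
    @tokens = {}
  end

  # The block performs the HTTP call and returns [token, expires_at_epoch].
  def fetch(installation_id, now: Time.now.to_i)
    token, expires_at = @tokens[installation_id]
    if token.nil? || now >= expires_at - REFRESH_MARGIN
      token, expires_at = yield
      @tokens[installation_id] = [token, expires_at]
    end
    token
  end
end
```

The user-to-server token is a separate credential obtained through the user authorization flow, so it would be stored per user rather than in this per-installation cache.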
Couple more notes:
https://github.com/apps/[app name]/installations/new/permissions?target_id=[org id]
To date, GitHub Classroom has been an OAuth app. GitHub apps are the way forward and have more features. They also allow us to be more granular in the permissions we request from our users.
This will also allow us to rework our on-boarding experience. One of the biggest pain points teachers face is having to go to the OAuth installation page and click "grant" when they make a new org. There aren't any instructions saying what to do on this page, and there are no redirects back to Classroom after they grant access to the org. Teachers often get lost here and start to get confused between GitHub and GitHub Classroom.
We can skip this whole step as a GitHub App. We will still need to perform an installation per org, but we can send them directly to the installation page which will have clear instructions saying what to do, and after clicking the big green button, they get automatically forwarded back to Classroom.
tl;dr: As a GitHub App, we get access to the newest GitHub API features + we skip the confusing OAuth org grant flow. Let's do it :+1:
cc @tarebyte, a lot of this is paraphrasing from conversations with you. Let me know if I got anything wrong here :)
cc @andrewbredow cc @mozzadrella