It's not clear to me if there's a way to move the users to the new app, so they don't need to re-authenticate (I guess there is not, but I think should be indicated)
IIUC, no, this isn't possible. The new app is essentially a distinct installation, so it's access must be authenticated by the user.
It's not clear to me whether I should delete the old OAuth app. It's confusing to me, because it says we should encourage users to de-authorize the old app, but if the old app is no longer in use, it would make more sense to me to delete the app, so its credentials can not be abused in any way and all authorizations are revoked.
I think this was originally written implying that some users might still be using the old app. If all your users have transitioned off the old app, or if you're happy to delete the old app even though it might still have active users, then deleting the app makes sense π
We can definitely update the doc to be more clear about both these points. I'll open this issue up for anyone to take on π
π @jgimenez π To answer your main question:
IIUC, no, this isn't possible. The new app is essentially a distinct installation, so it's access must be authenticated by the user.
I think this was originally written implying that some users might still be using the old app. If all your users have transitioned off the old app, or if you're happy to delete the old app even though it might still have active users, then deleting the app makes sense π
We can definitely update the doc to be more clear about both these points. I'll open this issue up for anyone to take on π
Originally posted by @lucascosti in https://github.com/github/docs/issues/1236#issuecomment-742257828