You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/developers/apps/building-github-apps/creating-a-github-app.md
+3-1Lines changed: 3 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -52,7 +52,9 @@ topics:
52
52
1. By default, to improve your app's security, your app will use expiring user authorization tokens. To opt-out of using expiring user tokens, you must deselect "Expire user authorization tokens". To learn more about setting up a refresh token flow and the benefits of expiring user tokens, see "[Refreshing user-to-server access tokens](/apps/building-github-apps/refreshing-user-to-server-access-tokens/)."
53
53

54
54
1. If your app authorizes users using the OAuth flow, you can select **Request user authorization (OAuth) during installation** to allow people to authorize the app when they install it, saving a step. If you select this option, the "Setup URL" becomes unavailable and users will be redirected to your "User authorization callback URL" after installing the app. See "[Authorizing users during installation](/apps/installing-github-apps/#authorizing-users-during-installation)" for more information.
55
-

55
+
{% if device-flow-is-opt-in %}
56
+
1. If your GitHub App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
57
+
{% endif %}
56
58
1. If additional setup is required after installation, add a "Setup URL" to redirect users to after they install your app.
57
59

The device flow allows you to authorize users for a headless app, such as a CLI tool or Git credential manager.
127
+
The device flow allows you to authorize users for a headless app, such as a CLI tool or Git credential manager.
128
128
129
-
For more information about authorizing users using the device flow, see "[Authorizing OAuth Apps](/developers/apps/authorizing-oauth-apps#device-flow)".
129
+
{% if device-flow-is-opt-in %}Before you can use the device flow to identify and authorize users, you must first enable it in your app's settings. For more information on enabling device flow, see "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)." {% endif %}For more information about authorizing users using the device flow, see "[Authorizing OAuth Apps](/developers/apps/authorizing-oauth-apps#device-flow)."
130
130
131
131
## Check which installation's resources a user can access
The device flow allows you to authorize users for a headless app, such as a CLI tool or Git credential manager.
127
127
128
+
{% if device-flow-is-opt-in %}
129
+
130
+
Before you can use the device flow to authorize and identify users, you must first enable it in your app's settings. For more information about enabling the device flow in your app, see "[Modifying an OAuth App](/developers/apps/managing-oauth-apps/modifying-an-oauth-app)" for OAuth Apps and "[Modifying a GitHub App](/developers/apps/managing-github-apps/modifying-a-github-app)" for GitHub Apps.
131
+
132
+
{% endif %}
133
+
128
134
### Overview of the device flow
129
135
130
136
1. Your app requests device and user verification codes and gets the authorization URL where the user will enter the user verification code.
@@ -254,10 +260,12 @@ If you make more than one access token request (`POST {% data variables.product.
254
260
| `unsupported_grant_type` | The grant type must be `urn:ietf:params:oauth:grant-type:device_code` and included as an input parameter when you poll the OAuth token request `POST {% data variables.product.oauth_host_code %}/login/oauth/access_token`.
255
261
| `incorrect_client_credentials` | For the device flow, you must pass your app's client ID, which you can find on your app settings page. The `client_secret` is not needed for the device flow.
256
262
| `incorrect_device_code` | The device_code provided is not valid.
257
-
| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.
263
+
| `access_denied` | When a user clicks cancel during the authorization process, you'll receive a `access_denied` error and the user won't be able to use the verification code again.{% if device-flow-is-opt-in %}
264
+
| `device_flow_disabled` | Device flow has not been enabled in the app's settings. For more information, see "[Device flow](#device-flow)."{% endif %}
258
265
259
266
For more information, see the "[OAuth 2.0 Device Authorization Grant](https://tools.ietf.org/html/rfc8628#section-3.5)."
260
267
268
+
261
269
## Non-Web application flow
262
270
263
271
Non-web authentication is available for limited situations like testing. If you need to, you can use [Basic Authentication](/rest/overview/other-authentication-methods#basic-authentication) to create a personal access token using your [Personal access tokens settings page](/articles/creating-an-access-token-for-command-line-use). This technique enables the user to revoke access at any time.
Copy file name to clipboardExpand all lines: content/developers/apps/building-oauth-apps/creating-an-oauth-app.md
+4-2Lines changed: 4 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -53,6 +53,8 @@ topics:
53
53
**Note:** OAuth Apps cannot have multiple callback URLs, unlike {% data variables.product.prodname_github_apps %}.
54
54
55
55
{% endnote %}
56
-
{% endif %}
57
-
10. Click **Register application**.
56
+
{% endif %}{% if device-flow-is-opt-in %}
57
+
1. If your OAuth App will use the device flow to identify and authorize users, click **Enable Device Flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
58
+
{% endif %}
59
+
2. Click **Register application**.
58
60

Copy file name to clipboardExpand all lines: content/developers/apps/managing-github-apps/modifying-a-github-app.md
+3-1Lines changed: 3 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -18,6 +18,8 @@ topics:
18
18
{% data reusables.user-settings.github_apps %}
19
19
{% data reusables.user-settings.modify_github_app %}
20
20
5. In "Basic information", modify the GitHub App information that you'd like to change.
21
-

21
+
{% if device-flow-is-opt-in %}
22
+
1. If your GitHub App will use the device flow to identify and authorize users, click **Enable device flow**. For more information about the device flow, see "[Authorizing OAuth Apps](/developers/apps/building-oauth-apps/authorizing-oauth-apps#device-flow)."
23
+
{% endif %}
22
24
6. Click **Save changes**.
23
25

0 commit comments