developers VS installations

So for that, we need a few details that we'll get from the GitHub OAuth Page. There we have to Register a new App to get the required details. To register our app we'll need our callback URL, It looks like this: https://.supabase.co/auth/v1/callback . After that, we'll enable our GitHub Auth.

🟡 Development app setup Navigate to GitHub OAuth Apps setup https://github.com/settings/developers Create a New OAuth App https://github.com/settings/applications/new Fill in the following details Application name: Azure ChatGPT DEV Environment Homepage URL: http://localhost:3000 Authorization callback URL: http://localhost:3000/api/auth/callback/github 🟢 Production app setup Navigate to GitHub OAuth Apps setup https://github.com/settings/developers Create a New OAuth App https://github.com/settings/applications/new Fill in the following details Application name: Azure ChatGPT Production Homepage URL: https://YOUR-WEBSITE-NAME.azurewebsites.net Authorization callback URL: https://YOUR-WEBSITE-NAME.azurewebsites.net/api/auth/callback/github ⚠️ After completing app setup, ensure your environment variables locally and on Azure App Service are up to date.

Navigate to the GitHub Oauth Apps developer settings at https://github.com/settings/developers and create a new oauth app.

We'll go through a similar process for setting up GitHub credentials. For GitHub, go to Settings and then to Developer Settings (bottom left of the page), and then select OAuth Apps. Configure your OAuth app similarly to what's shown below. You can put whatever you'd like in the Homepage URL field.

To do this, we need to first create a new GitHub OAuth App. Click on “New OAuth app” and fill out the form accordingly with your website information. Here are some important things to note about the information requested by the form:

Go to https://github.com/settings/developers and create a new OAuth application and choose New OAuth App.

Head over to GitHub Developer Settings, click OAuth Apps on the left and then click the "New OAuth app" button. It's gonna ask you a few questions. Enter http://localhost:5173 for the homepage URL and http://localhost:5173/login for the callback URL, and fill the rest as you like. We're giving localhost addresses because we have to test our app before deploying to its final URL. You can just update the URLs when you deploy or create a new app and keep this one for testing and development.

Go into your Developer Settings and create a new OAuth App. Name, homepage etc. are not important, but the Authorization callback URL needs to point to your Auth0 Tenant. You can get the domain in your Auth0 application settings: https://.auth0.com.

For Github, head over to your Settings > Developer Settings > OAuth apps and create a new app.

To create your connection between Netlify and GitHub you just need to go on netlify user settings and configure the connection with your GitHub account (grant access to all the repos to deploy further projects easily). After doing this, you can navigate to Github Application settings, click on configure, and copy the number appended at the end of the URL since that is your Installation ID. This process will be needed only once, and then you are set to go.

This page https://dash.cloudflare.com/36e5e954c996e147e789df6a1b716209/pages/new/provider/github says ' If your repository is not shown, configure repository access for the Cloudflare Pages app on GitHub. '

Make sure you've installed the DigitalOcean GitHub app as described above—you should see it listed at https://github.com/settings/installations:

That's an interesting concept.

Thinking about it for a bit, I'm sadly hesitant that it might need to be built as a browser extension or mobile app, rather than a website, because none of these services provide programmatically-accessible (even read-only) feeds of what you're looking for, so you'd need to scrape everything. This brings up two issues: 1) the headache of IP ratelimiting (and/or flat-out IP bans from trigger-happy systems optimized for fighting fraud/bots hosted on cloud infrastructure). IIUC there are proxy services that you can outsource the workaround problem to, but this is awkward to get behind in the face of 2), which is that users would need to input their actual usernames and passwords so that the service could request the account page with the details on it in order to scrape the data.

Given that these are broadly web services poked at via HTTPS, you could potentially get everything you needed from a browser extension (as long as the service doesn't require you to set any HTTP headers that extensions aren't allowed to touch).

The second possibility is using an app. Writing a thin layer that lets you craft custom HTTPS/whatever requests from a WebView would probably be the most straightforward approach.

The main issue with both the extension and app approaches is that they code-dump both the idea and methodology of "here is how to do X" into the hands of the IQ-99 skiddie group (especially with an extension). So now you have more people running around scraping pages and whatnot and trying to figure out how to weaponize everything. Probably won't go anywhere (in terms of producing actual attacks), but the noise may potentially make your life harder.

The least-complex solution seems to just be a giant boring list of links, for example:

- https://myaccount.google.com/permissions

- https://twitter.com/settings/connected_apps, https://twitter.com/settings/connected_accounts

- https://github.com/settings/apps/authorizations, https://github.com/settings/applications, https://github.com/settings/installations, https://github.com/settings/apps, https://github.com/settings/developers, https://github.com/settings/tokens

Hmm, that's kind of all over the place for some things. A single aggregate view that combines everything could definitely be very interesting...

Now you should have a private key, App ID (found at the top of your app settings page, https://github.com/settings/apps/yourappname), and Installation ID (via API or in post-install URL like https://github.com/settings/installations/1234567). You can use these to form API requests, either manually, via one of the Octokit libraries, or even as an action.

Look for it later in your GitHub Settings to add more repos, or to revoke access.