Apps not able to mention users or teams


#1

I have a github app which posts comments to PRs in certain situations, where the comments include @-mentions of certain users and teams. However, the mentions are not being recognized by github: they show up as plain text (not linked) when viewed, and the relevant users/teams are not being notified.

I know the @-mentions are spelled and formatted correctly because if I (as a human user) go and “edit” one of the bots comments and save it without actually changing the contents at all, then the mention is correctly recognized and linked.

Does my app need certain extra permissions (beyond the ability to post comments) in order to mention? Is there anything else I might be missing?


#2

Thanks for starting a thread about this, @eapache :bowing_man:

I’m not sure, but I don’t think you’re missing anything – it’s possible this just isn’t supported yet. I’ll open an internal issue so that the team can investigate and we’ll followup here as soon as there’s any news.


#3

Hi @izuzak, thanks for looking into this. I don’t know much about the internal differences between apps and other pre-app API clients at github, but I know we have one similar bot which (to my knowledge) is from the pre-app days and has no problem mentioning users in comments. As far as I know they use the same API endpoint to actually post the comment, so I would be surprised if the difference was at that level.

P.S. I am happy to provide more details of the specific apps in question and even example comments they have created if somebody from github contacts me directly.


#4

we have one similar bot which (to my knowledge) is from the pre-app days and has no problem mentioning users in comments. As far as I know they use the same API endpoint to actually post the comment, so I would be surprised if the difference was at that level.

Thanks for sharing your thoughts, @eapache. Actually, there are fundamental differences between the two. With OAuth apps, applications can make only requests on behalf of other users – they obtain a token for a user and make requests as that user. GitHub Apps are different – the app itself can perform actions on its own behalf, not on the behalf of any specific user. This means that the permissions model from OAuth apps doesn’t completely cover GitHub apps – things don’t “just work”.

Most of the differences are explained here:

https://developer.github.com/apps/building-integrations/setting-up-a-new-integration/about-choosing-an-integration-type/

If we need more specific information about your report – we’ll followup here. Thanks for the offer!


#5

Just wanted to follow up on this and see if anything more had come of it? Is it still being investigated?


#6

I’m having a similar issue with a deployed GH app, here. Would love to understand if there are permissions I can request so I can @-mention teams, or if there’s a fix/solution in the works.