Not sure if this is already documented somewhere, but I’m having trouble figuring out how to get the current Integration API to work for my current use case.
UserX is logged into AppX. AppX directs user to integration installation page, user installs integration. AppX receives installation token and wants to correlate the
installation_idwith UserX in order to make outbound API calls to GitHub (create commits, etc).
I can’t come up with a secure way to support this flow currently.
OAuth obviously supports this, but the ability to grant write permissions on a per-repo basis is an extremely compelling reason to use the new integrations API & our customers would love this fine-grained control.