I am developing a ChatGPT plugin that uses a GitHub App for authentication. The flow of the plugin is as follows:
The user installs the plugin on ChatGPT.
The user is redirected to https://dev-duet-ai.vercel.app/api/auth
My auth.js redirects to https://github.com/apps/devduetai/installations/new
After the user has accepted the permissions, the user is redirected to https://chat.openai.com/aip/plugin-my_plugin_id/oauth/callback
The plugin is then successfully installed and ChatGPT calls my /token endpoint to get an access token.
However, step 4 never happens if the user has already installed the GitHub App before. Instead it takes them to the installation page and never continues the flow. I thought maybe I could check if the user has already installed it, but in step 3 I have no user information. Is there a better way to handle the redirect or tell the flow to continue?
I just realized I think I’ve been doing this wrong and I shouldn’t use https://github.com/apps/devduetai/installations/new and instead need to use https://github.com/login/oauth/authorize
which contains copies of actual manifest and OAS (Open API specification) files and as we know is where the use of GitHub tokens would be indicated.
Using GitHub search for github results is some hits (12) but this one is of interest.
Yes I actually used a recent reply with a bit of a modification; what can I say, the best programmers in the world are some of the laziest (think before acting) people I know.
Thanks for the reply. The problem with this is it does not enable the user to select the specific repos the app should have access to. When I use https://github.com/apps/devduetai/installations/new then the user has the option to only allow the plugin access to certain repos, which is what I prefer to enable. But if the user uninstalls the plugin without uninstalling the GitHub App, and then later re-installs the plugin, they cannot finish the auth flow because going to https://github.com/apps/devduetai/installations/new takes them to a page to modify the plugin. If they don’t want to do anything, there’s no way to redirect back to openai to finish the auth flow.
Right now the only workaround I can think of is to tell the users if they uninstall the ChatGPT plugin, they have to uninstall the GitHub App to reinstall the plugin. Then maybe my /auth endpoint could have this information with a dialog that says “Did you uninstall the plugin?”
