Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrations
Search
Keavy McMinn
September 15, 2016
820
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Integrations
Keavy McMinn
September 15, 2016
More Decks by Keavy McMinn
See All by Keavy McMinn
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
Improving your workflow with the GitHub API
keavy
9
1.2k
The Successful Shipper
keavy
8
590
How to mend a broken identity
keavy
0
290
Better work, through better feedback.
keavy
1
590
Internal Tools
keavy
9
1.6k
Must. Try. Harder.
keavy
0
660
Career Health Check
keavy
0
350
From Artist To Programmer
keavy
1
510
Featured
See All Featured
Navigating Team Friction
lara
192
16k
Digital Ethics as a Driver of Design Innovation
axbom
PRO
1
330
Are puppies a ranking factor?
jonoalderson
1
3.7k
State of Search Keynote: SEO is Dead Long Live SEO
ryanjones
0
220
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Between Models and Reality
mayunak
4
360
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Test your architecture with Archunit
thirion
1
2.3k
How Software Deployment tools have changed in the past 20 years
geshan
0
34k
RailsConf 2023
tenderlove
30
1.5k
Marketing to machines
jonoalderson
1
5.5k
A Tale of Four Properties
chriscoyier
163
24k
Transcript
Integrations Keavy McMinn // Engineer b keavy
“Who opens PRs?”
repo GET /repos/:owner/:repo/pulls
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories and organizations.
None
None
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ │
None
None
None
Uh. Where’s CI?
None
“We need this level of access because GitHub…”
“Type a quote here.”
I’ve got 99 problems, and they’re all OAuth
Scopes
Outside-in flow
Install flow efficiency
No Connection between an org and a service
Multiple accounts
Multiple accounts
None
None
“If we were building integrations from scratch, knowing what we
know now... what would we do differently?” b jasonrudolph
None
Integrations Early Access
None
Users
None
None
None
None
None
Integrator
None
None
None
None
None
None
None
Thorny areas
Checking permissions
Checking permissions
Checking permissions
Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && repo.pushable_by?(user) end Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && (repo.pushable_by?(user) || repo.statuses.writeable_by?(user)) end Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && repo.resources.statuses.writeable_by?(user) end Checking permissions
Identity flow
" # $ Identity flow
Identity flow " # $
OAuth Possible solutions:
Possible solutions: Single Sign-On
OAuth-like flow
None
Led by UX
None
None
None
Trust
None
None
Alternatives now
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories and organizations.
None
None
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits integration page │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ User installs integration on selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ │ Integrator receives webhook event │ │ of new installation │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ │
None
Octokit::Client.new( :access_token => installation_access_token )
Take action independently of a specific user Allow users to
install on an organization Allow users to install on a per repository basis Want granular permissions When to use an Integration?
Code Scanners Continuous Integration Continuous Deployment Issue Management Anything else
you can dream up! What might you use an integration for?
Take action only as a specific user Full access is
desired Using GitHub as an identity provider When to use an OAuth application?
Installations Early Access
Learn more developer.github.com platform.github.community % &
b keavy b jch b tarebyte b jmilas b kdaigle
b pifafu b cmwinters b tclem b jasonrudolph b jdpace b pengwynn b ptoomey3 b janester
Thank you