Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrations
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Keavy McMinn
September 15, 2016
820
3
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Integrations
Keavy McMinn
September 15, 2016
More Decks by Keavy McMinn
See All by Keavy McMinn
Principles of Awesome APIs and How to Build Them.
keavy
128
18k
Improving your workflow with the GitHub API
keavy
9
1.2k
The Successful Shipper
keavy
8
590
How to mend a broken identity
keavy
0
290
Better work, through better feedback.
keavy
1
590
Internal Tools
keavy
9
1.6k
Must. Try. Harder.
keavy
0
660
Career Health Check
keavy
0
350
From Artist To Programmer
keavy
1
510
Featured
See All Featured
Evolving SEO for Evolving Search Engines
ryanjones
0
220
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
620
[RailsConf 2023] Rails as a piece of cake
palkan
59
6.7k
Why You Should Never Use an ORM
jnunemaker
PRO
61
9.9k
A designer walks into a library…
pauljervisheath
211
24k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
370
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
aleyda
1
2.1k
Automating Front-end Workflow
addyosmani
1370
210k
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
How to build a perfect <img>
jonoalderson
1
5.7k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
540
Transcript
Integrations Keavy McMinn // Engineer b keavy
“Who opens PRs?”
repo GET /repos/:owner/:repo/pulls
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories and organizations.
None
None
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ │
None
None
None
Uh. Where’s CI?
None
“We need this level of access because GitHub…”
“Type a quote here.”
I’ve got 99 problems, and they’re all OAuth
Scopes
Outside-in flow
Install flow efficiency
No Connection between an org and a service
Multiple accounts
Multiple accounts
None
None
“If we were building integrations from scratch, knowing what we
know now... what would we do differently?” b jasonrudolph
None
Integrations Early Access
None
Users
None
None
None
None
None
Integrator
None
None
None
None
None
None
None
Thorny areas
Checking permissions
Checking permissions
Checking permissions
Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && repo.pushable_by?(user) end Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && (repo.pushable_by?(user) || repo.statuses.writeable_by?(user)) end Checking permissions
# A user with push access to commit status role
:status_writer do |context| ... user && repo.resources.statuses.writeable_by?(user) end Checking permissions
Identity flow
" # $ Identity flow
Identity flow " # $
OAuth Possible solutions:
Possible solutions: Single Sign-On
OAuth-like flow
None
Led by UX
None
None
None
Trust
None
None
Alternatives now
repo Grants read/write access to code, commit statuses, repository invitations,
collaborators, and deployment statuses for public and private repositories and organizations.
None
None
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits Integrator site │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ │ Authorize Integrator with OAuth │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ Integrator receives and stores │ │ OAuth access token for user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ List accessible orgs for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ List accessible repos for user │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Display list of repos to user │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ User selects repos to build │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │ │ Set up hooks, create keys for │ selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ▶ │ │ │
┌────┐ ┌─────────────────┐ ┌────────┐ │User│ │ Integrator │ │ GitHub │
└──┬─┘ └────────┬────────┘ └────┬───┘ │ │ │ │ User visits integration page │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ┼ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ User installs integration on selected repos │ │ │ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─▶ │ │ │ Integrator receives webhook event │ │ of new installation │ │ │ ⾢ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ ─ │ │ │ │ │ │ │
None
Octokit::Client.new( :access_token => installation_access_token )
Take action independently of a specific user Allow users to
install on an organization Allow users to install on a per repository basis Want granular permissions When to use an Integration?
Code Scanners Continuous Integration Continuous Deployment Issue Management Anything else
you can dream up! What might you use an integration for?
Take action only as a specific user Full access is
desired Using GitHub as an identity provider When to use an OAuth application?
Installations Early Access
Learn more developer.github.com platform.github.community % &
b keavy b jch b tarebyte b jmilas b kdaigle
b pifafu b cmwinters b tclem b jasonrudolph b jdpace b pengwynn b ptoomey3 b janester
Thank you