Skip to content

support GitHub App installation‑token authentication (server‑to‑server) for MCP #311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Svetlanko opened this issue Apr 18, 2025 · 0 comments
Open

support GitHub App installation‑token authentication (server‑to‑server) for MCP #311

Svetlanko opened this issue Apr 18, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@Svetlanko
Copy link

Describe the feature or problem you’d like to solve

MCP can currently authenticate with:

  • Personal Access Tokens (classic or fine‑grained) ✨
  • Soon 🚀: OAuth 2.0 device‑code flow via Non PAT auth method #132

Both approaches depend on credentials that are bound to a human account.
In enterprises(including ours) PAT creation is often blocked, and a device‑code token still requires a privileged “service user” to stay alive.
That leaves 24 × 7, org‑wide automation brittle and out of step with GitHub’s own security guidance.

Concern Fine‑grained  PAT OAuth device‑code
👤 Identity coupling Single user  → breaks on off‑boarding Needs service user
⏳ Secret lifetime Up to 1 year; manual/scripted rotation 8 h access token + 6 mo refresh token
🔍 Audit clarity Traffic appears as that user oauth-app/<app> (as @user)
🛡️ Org policies PATs often disallowed Refresh token is still long‑lived

So, neither option is ideal for a headless, fleet‑wide MCP deployment.

Visual cheat‑sheet (PAT vs device‑code vs GitHub App installation):
Image

Proposed solution

Allow GitHub App installation‑token (server‑to‑server) authentication.

  • install the App at org/enterprise scope with the minimum perms MCP needs (contents:read, metadata:read, etc)
  • store only the App’s private key in AWS Secrets Manager / KMS
  • at runtime MCP signs a short‑lived JWT → exchanges it for a 60‑minute installation token → refreshes automatically
  • audit events appear as github‑app/mcp‑server

Benefits

  • zero human coupling – no PATs, survives re‑orgs and off‑boarding
  • short‑lived creds – ≤ 60 min window if a token leaks
  • governance – admins can see/change App permissions & repo list in one click
  • clear audit trail – bot traffic is obvious (github‑app/…)
  • future‑proof – aligns MCP with GitHub’s move away from long‑lived personal tokens

Additional context

Suggested implementation approach

  1. add --auth=github-app flag
  2. read APP_ID, INSTALLATION_ID, private‑key path/env var
  3. generate JWT (RS256) → POST /app/installations/{id}/access_tokens
  4. inject token into existing GitHub client; transparently refresh on HTTP 401/expiry

Architecture sketch of MCP + GitHub App flow:
Image

Happy to help spec out more, test, etc - just let me know what’s useful 🙌
@Svetlanko Svetlanko added the enhancement New feature or request label Apr 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Svetlanko