github app not allow to create repository in user personal account. (app is installed in that personal account)

[bhaveshbheda1]

My clear requirement is to use GitHub App, and I want to create a new repository where my user's installed place(it is either an org or personal account).
According to the implementation point of view for my application, I can not prompt the app or OAuth to choose

Ref:- Lovable.dev is doing the same, but how they use the same function using the GitHub app

[KrishnaSaxena108]

A GitHub App can create a repo, but only where it’s installed. That means:

Give the app the repository administration permission.
Use the installation access token (not OAuth) from the Installation API.

Check if the installation is on a user or org.
If it’s a user → call POST /user/repos
If it’s an org → call POST /orgs/{org}/repos

This way the app can create repos directly in the account/org where it’s installed, no extra prompts needed.

[AryanKumar-108]

Got it 👍 — you want your GitHub App (not a separate OAuth app flow) to be able to create repositories directly in the account/org where the app is installed, without prompting the user to choose again. That’s possible, but requires using the GitHub App installation token flow correctly.

🔑 How it Works

When you build a GitHub App, there are two distinct “contexts”:

App context → your app authenticates with its private key to request an installation token.

Installation context → the installation token is scoped to one specific installation (org or personal account where the app is installed).

With that installation token, you can perform actions on behalf of that installation — including creating repos — provided your app has the correct permissions.

⚙️ Required Setup in Your GitHub App

In your app’s settings (https://github.com/settings/apps/your-app):

Under Permissions, grant:

Repository administration: Read & Write

Under Where can this GitHub App be installed?, allow both Users and Organizations (if you want both).

Make sure you’re requesting the right installation ID at runtime.

📌 API Call to Create a Repo

Once you have an installation access token, you can hit the Create an organization repository
or Create a user repository
endpoint.

For an org installation:

POST /orgs/{org}/repos
Authorization: Bearer <installation_token>
Accept: application/vnd.github+json

For a user installation (personal account):

POST /user/repos
Authorization: Bearer <installation_token>
Accept: application/vnd.github+json

Example body:

{
"name": "my-new-repo",
"private": true,
"description": "Created by my GitHub App"
}

🔍 The Trick: Knowing Org vs User

Each installation object tells you whether it belongs to an org or user:

{
"id": 123456,
"account": {
"login": "my-org-or-user",
"type": "Organization"
}
}

Use account.type:

If "Organization" → call /orgs/{login}/repos

If "User" → call /user/repos

This way, you don’t prompt the user — your app decides based on installation metadata.

✅ Summary

Use your GitHub App’s private key to get a JWT.

Exchange JWT for an installation token (per org/user installation).

Look up the account.type in the installation payload.

Call the right endpoint (/orgs/{org}/repos or /user/repos).

Repo gets created inside the installation’s account, no user OAuth dance needed.

[bhaveshbheda1]

i had tried that but not working here is the code ``` 'use strict'; // CommonJS per user preference [[memory:6689814]] const { Octokit } = ***@***.***/core'); const { createAppAuth } = ***@***.***/auth-app'); /** * Create a repository under the account (org or user) for a given GitHub App installation. * * Environment variables required: * - GITHUB_APP_ID * - GITHUB_APP_PRIVATE_KEY (PKCS8 PEM, with literal newlines or \n-escaped) * * Optional: * - GITHUB_API_BASE_URL (for GHES) * * @param {Object} params * @param {number|string} params.installationId - The installation ID to act as * @param {string} params.name - Repository name * @param {boolean} [params.private=true] - Whether the repo is private * @param {string} [params.description] - Repository description * @param {Object} [params.options] - Additional REST options for create call * @returns {Promise<Object>} The created repository response data */ async function createRepoForInstallation(params) { const { installationId, name, description, options } = params || {}; const isPrivate = params && typeof params.private === 'boolean' ? params. private : true; if (!installationId) throw new Error('installationId is required'); if (!name) throw new Error('name is required'); const appId = XXXXX; const privateKeyRaw = `-----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----`; const baseUrl = process.env.GITHUB_API_BASE_URL; // optional if (!appId) throw new Error('GITHUB_APP_ID is not set'); if (!privateKeyRaw) throw new Error('GITHUB_APP_PRIVATE_KEY is not set'); // Support both literal newlines and \n-escaped single-line envs const privateKey = privateKeyRaw.includes('\\n') ? privateKeyRaw.replace(/ \\n/g, '\n') : privateKeyRaw; const octokit = new Octokit({ authStrategy: createAppAuth, auth: { appId: appId, privateKey: privateKey, installationId: Number(installationId), }, ...(baseUrl ? { baseUrl } : {}), }); // Determine installation account (org vs user) using installation-scoped endpoint const { data: installation } = await octokit.request('GET /app/installations/{installation_id}', { installation_id: Number(installationId), }); const accountLogin = installation && installation.account && installation. account.login; const accountType = installation && installation.account && installation. account.type; if (!accountLogin || !accountType) { throw new Error('Unable to determine installation account login/type'); } let response; if (accountType === 'Organization') { // POST /orgs/{org}/repos response = await octokit.request('POST /orgs/{org}/repos', { org: accountLogin, name, private: isPrivate, description, ...(options || {}), }); } else if (accountType === 'User') { try { // POST /user/repos (no owner param) response = await octokit.request('POST /user/repos', { // username: accountLogin, name, private: isPrivate, description, ...(options || {}), }); console.log(response); }catch (err) { console.error(err); throw err; } } else { throw new Error(`Unsupported account type: ${accountType}`); } return response.data; } module.exports = { createRepoForInstallation };

…

On Tue, 9 Sept 2025 at 22:05, Aryan Kumar ***@***.***> wrote: Got it 👍 — you want your GitHub App (not a separate OAuth app flow) to be able to create repositories directly in the account/org where the app is installed, without prompting the user to choose again. That’s possible, but requires using the GitHub App installation token flow correctly. 🔑 How it Works When you build a GitHub App, there are two distinct “contexts”: App context → your app authenticates with its private key to request an installation token. Installation context → the installation token is scoped to one specific installation (org or personal account where the app is installed). With that installation token, you can perform actions on behalf of that installation — including creating repos — provided your app has the correct permissions. ⚙️ Required Setup in Your GitHub App In your app’s settings (https://github.com/settings/apps/your-app): Under Permissions, grant: Repository administration: Read & Write Under Where can this GitHub App be installed?, allow both Users and Organizations (if you want both). Make sure you’re requesting the right installation ID at runtime. 📌 API Call to Create a Repo Once you have an installation access token, you can hit the Create an organization repository or Create a user repository endpoint. For an org installation: POST /orgs/{org}/repos Authorization: Bearer <installation_token> Accept: application/vnd.github+json For a user installation (personal account): POST /user/repos Authorization: Bearer <installation_token> Accept: application/vnd.github+json Example body: { "name": "my-new-repo", "private": true, "description": "Created by my GitHub App" } 🔍 The Trick: Knowing Org vs User Each installation object tells you whether it belongs to an org or user: { "id": 123456, "account": { "login": "my-org-or-user", "type": "Organization" } } Use account.type: If "Organization" → call /orgs/{login}/repos If "User" → call /user/repos This way, you don’t prompt the user — your app decides based on installation metadata. ✅ Summary Use your GitHub App’s private key to get a JWT. Exchange JWT for an installation token (per org/user installation). Look up the account.type in the installation payload. Call the right endpoint (/orgs/{org}/repos or /user/repos). Repo gets created inside the installation’s account, no user OAuth dance needed. — Reply to this email directly, view it on GitHub <#172926 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWAGNCB46WLYZEITLFDWI6D3R36TZAVCNFSM6AAAAACGASMVTCVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTIMZVGM4TGOA> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[bhaveshbheda1]

The hybrid approach works.

What I’m doing is:

On the app installation callback URL, I redirect the user again to GitHub’s OAuth flow with the same redirect URL.

This way, I receive both the code (from OAuth) and the installation_id (from the installation callback).

That gives me everything I need. ✅

[jfullstackdev]

I'm not very sure but I will still be commenting here,

---

why a GitHub App may not be able to create a repository in a personal account

1. GitHub App permissions are scoped differently

   • GitHub Apps can request organization-level permissions or user-level permissions.
   • For personal accounts, the repository creation permission via a GitHub App is limited. Personal accounts often require OAuth apps for creating repositories programmatically.

2. Installation context matters

   • Even if the app is installed on a personal account, the API endpoint for creating a repository under a user account requires user authentication (OAuth token), not just the app installation token.
   • GitHub Apps mostly get installation tokens that are scoped for organizations. Many endpoints for personal accounts are restricted.

3. Lovable.dev example

   • They likely combine a GitHub App with OAuth for personal accounts.
   • For organizations, the app alone suffices. For personal accounts, they request OAuth authorization to get a user token that can create a repo.

---

possible workarounds

1. Use a separate OAuth flow for personal accounts

   • If the app needs to create repos in a personal account, request the user to authorize via OAuth, then use that token for repo creation.

2. Limit GitHub App usage to organizations

   • If your workflow can be restricted to orgs, the app token alone is sufficient.

3. Hybrid approach (Org + Personal)

   • Use the GitHub App for organization repositories.
   • Use OAuth for creating repos in personal accounts.

---

so,

GitHub Apps cannot directly create repositories in personal accounts using only the installation token. You need a user OAuth token for personal accounts, while the app token works for organizations.

[github-actions[bot]]

🕒 Discussion Activity Reminder 🕒

This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions:

1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as out of date at the bottom of the page.

2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own.

3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution.

Note: This dormant notification will only apply to Discussions with the Question label. To learn more, see our recent announcement.

Thank you for helping bring this Discussion to a resolution! 💬