You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -183,9 +183,14 @@ GitHub Enterprise Server does not support remote server hosting. Please refer to
183
183
1. To run the server in a container, you will need to have [Docker](https://www.docker.com/) installed.
184
184
2. Once Docker is installed, you will also need to ensure Docker is running. The Docker image is available at `ghcr.io/github/github-mcp-server`. The image is public; if you get errors on pull, you may have an expired token and need to `docker logout ghcr.io`.
185
185
3.**Authentication.** On github.com you don't need to create anything up front — the one-click buttons above log you in with OAuth on first use (a browser-based flow; the token is kept in memory only). The Docker buttons publish a fixed callback port (`127.0.0.1:8085`) so the container's login callback is reachable. See **[Local Server OAuth Login](docs/oauth-login.md)** for how it works, headless/device-code fallback, and bringing your own OAuth or GitHub App (required for GitHub Enterprise Server and `ghe.com`).
186
-
187
186
Prefer a token? You can still authenticate with a [GitHub Personal Access Token](https://github.com/settings/personal-access-tokens/new) by setting `GITHUB_PERSONAL_ACCESS_TOKEN` instead (it takes precedence over OAuth). The MCP server can use many of the GitHub APIs, so enable the permissions that you feel comfortable granting your AI tools (to learn more about access tokens, please check out the [documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)).
188
187
188
+
**Using GitHub App Authentication.** Alternatively, you can run the server as a GitHub App installation. This is recommended for automated environments or enterprise deployments. Set the following environment variables (or pass the corresponding CLI flags):
189
+
-`GITHUB_APP_ID` (or `--app-id`): The GitHub App ID.
190
+
-`GITHUB_APP_INSTALLATION_ID` (or `--app-installation-id`): The App installation ID.
191
+
-`GITHUB_APP_PRIVATE_KEY` (or `--app-private-key`): The RSA private key PEM block string.
192
+
-`GITHUB_APP_PRIVATE_KEY_PATH` (or `--app-private-key-path`): Alternatively, the file path to the RSA private key PEM file.
193
+
189
194
<details><summary><b>Handling PATs Securely</b></summary>
returnerrors.New("authentication required: set GITHUB_PERSONAL_ACCESS_TOKEN, pass --oauth-client-id to log in via OAuth, or configure GitHub App credentials")
55
73
}
56
74
57
75
// If you're wondering why we're not using viper.GetStringSlice("toolsets"),
@@ -110,13 +128,14 @@ var (
110
128
InsidersMode: viper.GetBool("insiders"),
111
129
ExcludeTools: excludeTools,
112
130
RepoAccessCacheTTL: &ttl,
131
+
GitHubAppTokenSource: appTokenSource,
113
132
}
114
133
115
-
// When no static token is provided, log in via OAuth using the given
134
+
// When no static token or GitHub App TokenSource is set, log in via OAuth using the given
116
135
// client. The requested scopes default to the full supported set
117
136
// (which filters out no tools); an explicit, narrower --oauth-scopes
118
137
// both narrows the grant and hides tools needing other scopes.
0 commit comments