Setting up GitHub OAuth

GitHub OAuth powers "Sign in with GitHub" and the repository/branch picker on the app form. It's configured once per LaunchPad installation by the operator, with two environment variables. Without them, email sign-up still works and you can paste repository URLs manually — the UI shows a "GitHub OAuth is not configured" badge instead of the picker.

1. Register a GitHub OAuth app

1. Go to GitHub → Settings → Developer settings → OAuth Apps → New OAuth App.
2. Application name: anything you like (e.g. "LaunchPad").
3. Homepage URL: your LaunchPad host, e.g. https://your-launchpad-host.
4. Authorization callback URL: https://your-launchpad-host/github_connection/callback

2. Set the environment variables

Copy the Client ID and generate a client secret, then set both on the LaunchPad server (e.g. in your Kamal secrets) and restart the app:

• GITHUB_CLIENT_ID — the OAuth app's Client ID.
• GITHUB_CLIENT_SECRET — the OAuth app's client secret.

What it unlocks

• "Sign in / sign up with GitHub" on the login page.
• The repository and branch pickers on the app form (instead of pasting URLs).
• Authenticated clones of private repositories during deploys.
• LaunchPad-managed webhooks for auto-deploy on push.

Scopes and revocation

Sign-in requests only read:user user:email. Connecting GitHub for deploys requests repo in addition, so LaunchPad can list repositories, read branches, clone private repos, and manage deploy webhooks. Users connect their own GitHub accounts under Settings and can revoke access from GitHub at any time.