Next: , Previous: , Up: Differences between GitHub Apps and OAuth Apps   [Index] Token-based identification

A GitHub App can request an installation access token by using a private key with a JSON web token format out-of-band.

An installation token identifies the app as the GitHub Apps bot, such as @jenkins-bot.

Installation tokens expire after a predefined amount of time (currently 1 hour).

An OAuth app can exchange a request token for an access token after a redirect via a web request.

An access token identifies the app as the user who granted the token to the app, such as @octocat.

OAuth tokens remain active until they’re revoked by the customer.