Uhpenry

Why GitHub OAuth is Required

At Uhpenry, transparency and user control are core principles.

At Uhpenry, we help developers monetize repositories securely and seamlessly. One key part of this is requiring users to connect their GitHub account via OAuth when purchasing access.

The Problem: Manual Invitations Are a Bad Experience

GitHub uses collaborator invitations to control access to private repositories. That's secure , but it creates friction:

  • You receive an email or notification.
  • You must manually accept the invitation.
  • If you miss it, you get no access, even after paying.

This often leads to confusion, support tickets, and delays.

With GitHub OAuth (only with your permission), Uhpenry can:

  1. Detect your pending invitation.
  2. Automatically accept it via GitHub's API.
  3. Grant instant access , no manual steps needed.

This improves user experience without compromising control. You can revoke access anytime.

Booth-Controlled Access: Self-Add or Approval

Booths on Uhpenry can choose between two repository access modes:

  • Self-Add: You get added automatically right after payment.
  • Approval: Your purchase triggers a request, and the booth manually approves access.

This gives booths flexibility while ensuring users understand what to expect.

Why We Ask for the repo Scope

GitHub does not offer a limited OAuth scope for accepting invitations. So we must request repo, which covers all repo access.

But here's what we don't do:

  • We don't read, write, or modify your repositories.
  • We don't store your access token beyond the invitation step.
  • We don't act on your behalf elsewhere.

We only accept the invitation once , then the token is discarded.

You're Always in Control

  • Revoke access anytime from your GitHub settings.
  • You can reconnect later as needed.
  • We're adding in-dashboard token revocation soon.

Why Not Manual Invitations?

We tried that , but users miss emails, forget to accept, and often reach out for support. This:

  • Delays access.
  • Creates unnecessary friction.
  • Hurts the experience for both sides.

OAuth + automation = instant, reliable access.

Our Commitment

We only request what's necessary for:

  • Delivering access.
  • Reducing support overhead.
  • Respecting your GitHub data.

If GitHub introduces finer scopes, we'll update accordingly.

We're building Uhpenry for developers, with transparency and trust at the core.

, The Uhpenry Member

Hello world

This is just example of the blog post

How Uhpenry Handles Disputes

Uhpenry's moderation and dispute system empowers booth owners to manage access while giving users a path to challenge unfair restrictions. Learn how our process keeps collaboration fair, secure, and transparent for all developers.

On this page

The Problem: Manual Invitations Are a Bad ExperienceOur Solution: Auto-Accept, with Your ConsentBooth-Controlled Access: Self-Add or ApprovalWhy We Ask for the repo ScopeYou're Always in ControlWhy Not Manual Invitations?Our Commitment