github oauth: too much of requested permissions #5

Closed
jgadsden opened this issue Jun 4, 2020 · 1 comment
Labels
documentation Improvements or additions to documentation enhancement New feature or request

jgadsden commented Jun 4, 2020

This issue has been migrated from mike-goodwin/owasp-threat-dragon#72 and was opened by @fadeevab:

To use the online version of the application, GitHub authentication is requested.

However, the requested scope of permissions is quite wide:

This application will be able to read and write all public repository data. This includes the following:

Code
Issues
Pull requests
Wikis
Settings
Webhooks and services
Deploy keys

I'm pretty sure it's enough to get an empty scope (see https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/): to read public account information. It's not clear about all other permissions.

Thank you!
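As an added illustration of the scope question raised in this issue (not Threat Dragon's code and not part of the original thread): the sketch below builds a GitHub OAuth authorization URL with and without a `scope` parameter, and compares the scopes a token reports in the `X-OAuth-Scopes` response header against what an app declares it needs. The issue does not say which scope the application requests; `public_repo`, the client ID, the redirect URI and the header values used with it are constructed assumptions, and the `COVERS` map is a partial list.

```javascript
// Added example, not project code. All identifiers passed in are placeholders.
const AUTHORIZE_ENDPOINT = 'https://github.com/login/oauth/authorize';

// Parent scopes that already include narrower ones (partial list).
const COVERS = {
  repo: ['public_repo', 'repo:status', 'repo_deployment', 'repo:invite', 'security_events'],
  user: ['read:user', 'user:email', 'user:follow'],
};

// Build the authorization URL. GitHub takes a space-delimited `scope`
// parameter; leaving it out requests read-only access to public information.
function buildAuthorizeUrl({ clientId, redirectUri, state, scopes = [] }) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state); // CSRF protection for the callback
  if (scopes.length > 0) url.searchParams.set('scope', scopes.join(' '));
  return url.toString();
}

// Parse the X-OAuth-Scopes header value (comma-separated, may be empty).
function parseGrantedScopes(headerValue) {
  return (headerValue || '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Return the scopes a token holds beyond what the app declares it needs.
// A needed parent scope also allows the narrower scopes it covers.
function excessScopes(headerValue, needed) {
  const allowed = new Set(needed);
  for (const s of needed) (COVERS[s] || []).forEach((c) => allowed.add(c));
  return parseGrantedScopes(headerValue).filter((s) => !allowed.has(s));
}

// Constructed sample: a sign-in-only app should find nothing in excess.
const base = { clientId: 'CLIENT_ID', redirectUri: 'https://app.example/callback', state: 'random-state' };
console.log(buildAuthorizeUrl(base));                              // no scope parameter
console.log(buildAuthorizeUrl({ ...base, scopes: ['public_repo'] }));
console.log(excessScopes('public_repo', []));                      // [ 'public_repo' ]
```

Running `excessScopes` against the header of any authenticated API response is a quick check that a deployed OAuth app is not holding more access than its declared needs.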

@jgadsden

Nothing can be done about this; it is provided by the GitHub OAuth Application and there is not an (obvious) way of changing it.
