fix(oauth-scopes): reduce required scopes to the minimum

apps/web/outstatic/content/docs/getting-started.md

@@ -18,7 +18,19 @@ Requirements:
 
 - A [GitHub](https://github.com) account.
 
-Outstatic uses GitHub Oauth for authentication. Before we start you'll need to create a GitHub OAuth app:
+### **Initiating Setup: GitHub Authentication**
+
+Before diving in, it's essential to configure GitHub Authentication for your project. Outstatic accommodates both **GitHub OAuth** and **GitHub Apps** for authentication purposes:
+
+- **GitHub OAuth:** easier and quicker to set up, ideal for simpler integrations.
+
+- **GitHub Apps:** setup is generally more complex, providing a refined level of access and control.
+
+For those opting for GitHub Apps, please refer to the relevant [GitHub Apps Authentication](/docs/github-apps-authentication) documentation.
+
+#### Setting up a GitHub OAuth Application:
+
+Let’s walk through the steps to create a GitHub OAuth Application, streamlining your project’s initial setup:
 
 - First go to the "Register a new OAuth application" page on GitHub by [clicking here](https://github.com/settings/applications/new).
 
@@ -183,3 +195,4 @@ OST_TOKEN_SECRET=A_RANDOM_TOKEN
 ```
 
 To learn more about all the available environment variables, see the [Environment Variables ](https://outstatic.com/docs/environment-variables)section of the docs.
+

apps/web/outstatic/content/docs/github-apps-authentication.md

@@ -0,0 +1,60 @@
+---
+title: 'GitHub Apps Authentication'
+status: 'published'
+author:
+  name: 'Anthony Quéré'
+  picture: 'https://avatars.githubusercontent.com/u/47711333?v=4'
+slug: 'github-apps-authentication'
+description: ''
+coverImage: ''
+publishedAt: '2023-09-23T21:00:00.000Z'
+---
+
+## Use Github Apps for Authentication
+
+The preferred method of integration, as suggested by [GitHub Documentation](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps), is the utilization of GitHub Apps over OAuth Applications. Outstatic has built-in support to seamlessly integrate with Github Apps.
+
+Follow the steps below to create a new GitHub App:
+
+#### 1\. Register a New Application
+
+First go to the "Register a new GitHub App" page on GitHub by [clicking here](https://github.com/settings/apps/new).
+
+#### 2\. Name Your Application
+
+Enter a name for your application, such as "Outstatic Blog".
+
+#### 3\. Set Homepage URL
+
+Enter any valid URL as the Homepage URL. This can be updated later to your actual website URL.
+
+#### 4\. Configure Callback URL
+
+Set the Callback URL to `https://my-website-name.com/api/outstatic/callback`. For local development, you can use `http://localhost:3000/api/outstatic/callback`.
+
+#### 5\. Set Permissions
+
+Outstatic requires read and write access to specific repositories. Navigate to "Repository permissions" and enable "Read and write" access next to "Contents". No other permissions are needed.
+
+#### 6\. Select Account Scope
+
+In the last section, select "Only on this account" if you are creating a repository on your personal account. For creating on other accounts, choose "Any account".
+
+#### 7\. Create GitHub App
+
+Click "Create GitHub App". You will be redirected to your application settings.
+
+#### 8\. Retrieve Client ID & Generate Client Secret
+
+Copy the Client ID from your application settings and generate a Client Secret by selecting "Generate a new client secret". These will be used for `OST_GITHUB_ID` and `OST_GITHUB_SECRET` respectively.
+
+#### 9\. Install the Application
+
+Go to "Install App" in your application settings and click "Install" for the account/organization where you want to add the repository.
+
+#### 10\. Set Repository Permissions
+
+Although providing permission to all repositories is possible, it is recommended to choose "Only select repositories" and add your desired repository. This permission can be modified later in the account/organization settings.
+
+Then you only need to follow the [Getting Started Guide](/docs/getting-started) to configure your application with these values.
+

apps/web/outstatic/content/metadata.json

@@ -1,7 +1,25 @@
 {
-  "commit": "4bd16341cea9c4e431916ee6afad9e57c5b657ee",
-  "generated": "2023-09-23T17:35:23.661Z",
+  "commit": "fec08610d176b40d8e7ced1e524a00748eab8323",
+  "generated": "2023-09-23T20:49:32.407Z",
   "metadata": [
+    {
+      "__outstatic": {
+        "commit": "f88e9cbc1e92098f47f24353f52ec2e379ff17dc",
+        "hash": "1802544230",
+        "path": "/outstatic/content/docs/environment-variables.md"
+      },
+      "author": {
+        "name": "Andre Vitorio",
+        "picture": "https://avatars.githubusercontent.com/u/1417109?v=4"
+      },
+      "collection": "docs",
+      "coverImage": "",
+      "description": "",
+      "publishedAt": "2022-10-13T12:36:25.000Z",
+      "slug": "environment-variables",
+      "status": "published",
+      "title": "Environment variables"
+    },
     {
       "__outstatic": {
         "commit": "28fb2f86179c26f5063364ced8395466b6f7985c",
@@ -40,39 +58,21 @@
     },
     {
       "__outstatic": {
-        "commit": "22650aab8e1fa8241dd7756b1bf90fd79342969d",
-        "hash": "3223339599",
-        "path": "/outstatic/content/docs/fetching-data.md"
+        "commit": "d284432c4f249abdc1b70341c757a5fef958f7ae",
+        "hash": "233056259",
+        "path": "/outstatic/content/docs/github-applications.md"
       },
       "author": {
-        "name": "Jakob Heuser",
-        "picture": "https://avatars.githubusercontent.com/u/1795?v=4"
+        "name": "Anthony Quéré",
+        "picture": "https://avatars.githubusercontent.com/u/47711333?v=4"
       },
       "collection": "docs",
       "coverImage": "",
       "description": "",
-      "publishedAt": "2023-07-25T12:28:25.000Z",
-      "slug": "fetching-data",
-      "status": "published",
-      "title": "Fetching data"
-    },
-    {
-      "__outstatic": {
-        "commit": "f88e9cbc1e92098f47f24353f52ec2e379ff17dc",
-        "hash": "1802544230",
-        "path": "/outstatic/content/docs/environment-variables.md"
-      },
-      "author": {
-        "name": "Andre Vitorio",
-        "picture": "https://avatars.githubusercontent.com/u/1417109?v=4"
-      },
-      "collection": "docs",
-      "coverImage": "",
-      "description": "",
-      "publishedAt": "2022-10-13T12:36:25.000Z",
-      "slug": "environment-variables",
-      "status": "published",
-      "title": "Environment variables"
+      "publishedAt": "2023-08-04T21:00:00.000Z",
+      "slug": "github-application",
+      "status": "draft",
+      "title": "GitHub Application"
     },
     {
       "__outstatic": {
@@ -94,20 +94,21 @@
     },
     {
       "__outstatic": {
-        "commit": "a36a42a309ed2ca9176c49ce0302bf005243b928",
-        "hash": "3142407191",
-        "path": "/outstatic/content/posts/how-to-create-a-blog-with-outstatic.md"
+        "commit": "22650aab8e1fa8241dd7756b1bf90fd79342969d",
+        "hash": "3223339599",
+        "path": "/outstatic/content/docs/fetching-data.md"
       },
       "author": {
-        "name": "Andre Vitorio"
+        "name": "Jakob Heuser",
+        "picture": "https://avatars.githubusercontent.com/u/1795?v=4"
       },
-      "collection": "posts",
-      "coverImage": "/images/outstatic-demo.png",
-      "description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.",
-      "publishedAt": "2022-07-14T02:34:02.322Z",
-      "slug": "how-to-create-a-blog-with-outstatic",
+      "collection": "docs",
+      "coverImage": "",
+      "description": "",
+      "publishedAt": "2023-07-25T12:28:25.000Z",
+      "slug": "fetching-data",
       "status": "published",
-      "title": "Learn how to create your blog with Outstatic"
+      "title": "Fetching data"
     },
     {
       "__outstatic": {
@@ -127,6 +128,23 @@
       "status": "published",
       "title": "Docs Menu"
     },
+    {
+      "__outstatic": {
+        "commit": "a36a42a309ed2ca9176c49ce0302bf005243b928",
+        "hash": "3142407191",
+        "path": "/outstatic/content/posts/how-to-create-a-blog-with-outstatic.md"
+      },
+      "author": {
+        "name": "Andre Vitorio"
+      },
+      "collection": "posts",
+      "coverImage": "/images/outstatic-demo.png",
+      "description": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.",
+      "publishedAt": "2022-07-14T02:34:02.322Z",
+      "slug": "how-to-create-a-blog-with-outstatic",
+      "status": "published",
+      "title": "Learn how to create your blog with Outstatic"
+    },
     {
       "__outstatic": {
         "commit": "e91d3250c8d69aa088b87c0401181136f6859b90",
@@ -165,9 +183,9 @@
     },
     {
       "__outstatic": {
-        "commit": "45ca9e42f40af5b62cae3238db8e59ff4f4773ab",
+        "commit": "07a1c5d4917cb890b42c9c65d7438d8b03900e6b",
         "hash": "2303996183",
-        "path": "outstatic/content/docs/using-with-next-js-12.md"
+        "path": "/outstatic/content/docs/using-with-next-js-12.md"
       },
       "author": {
         "name": "Andre Vitorio",
@@ -183,8 +201,26 @@
     },
     {
       "__outstatic": {
-        "commit": "4bd16341cea9c4e431916ee6afad9e57c5b657ee",
-        "hash": "4081880286",
+        "commit": "0203755b3e71110daa0f698a949d9908ce70e8ac",
+        "hash": "2432495499",
+        "path": "outstatic/content/docs/github-apps-authentication.md"
+      },
+      "author": {
+        "name": "Anthony Quéré",
+        "picture": "https://avatars.githubusercontent.com/u/47711333?v=4"
+      },
+      "collection": "docs",
+      "coverImage": "",
+      "description": "",
+      "publishedAt": "2023-09-23T21:00:00.000Z",
+      "slug": "github-apps-authentication",
+      "status": "published",
+      "title": "GitHub Apps Authentication"
+    },
+    {
+      "__outstatic": {
+        "commit": "fec08610d176b40d8e7ced1e524a00748eab8323",
+        "hash": "2000599834",
         "path": "outstatic/content/docs/getting-started.md"
       },
       "author": {

packages/outstatic/src/app/api/auth/login.ts

@@ -1,7 +1,13 @@
 import { redirect } from 'next/navigation'
 
 export default async function GET() {
-  redirect(
-    `https://github.com/login/oauth/authorize?client_id=${process.env.OST_GITHUB_ID}&scope=repo%2C%20user&response_type=code`
-  )
+  const scopes = ['read:user', 'repo']
+
+  const url = new URL('https://github.com/login/oauth/authorize')
+
+  url.searchParams.append('client_id', process.env.OST_GITHUB_ID ?? '')
+  url.searchParams.append('scopes', scopes.join(' '))
+  url.searchParams.append('response_type', 'code')
+
+  redirect(url.toString())
 }