cla-assistant wants too many authorizations #78

Closed
afrische opened this issue Oct 21, 2015 · 3 comments

@afrische

Hi,
I earlier signed a CLA and tried to log in again just now. I was greeted with a request to modify the authorization (ain't going to happen). Maybe related to #77?

  • Existing access is public access
  • the request is for:
      • Personal user data: Email addresses (read-only). This application will be able to read your private email addresses.
      • Repository webhooks and services: Read and write access. This application will be able to read and modify repository webhooks and services (no direct code access).
      • Repositories: Public only. This application will be able to read and write all public repository data. This includes the following: Code, Issues, Pull requests, Wikis, Settings, Webhooks and services, Deploy keys.
      • Commit statuses: Read and write access. This application will be able to read and write commit statuses (no direct code access).
      • Organizations and teams: Read-only access. This application will be able to read your organization and team membership.
      • Gists: Read and write access. This application will be able to read and write your public and secret gists.

@thojansen
Contributor

This is the set of permissions we require for the admin role to set up CLA assistant for a project and not for a contributor to an already enabled project. In case you just log in to the main route / we currently assume that you want to enable CLA assistant for a new repo.

@KharitonOff We should also check again that we need all permissions for both cases.

@KharitonOff
Contributor

As @thojansen wrote we use 2 different OAuth scopes for contributors and administrators:
contributor scope:

  • user:email - we need it just for user identification

admin scope:

  • user:email - user identification
  • public_repo - read all public repositories in order to provide a selection of your repos to set it up
  • read:org - include also organization repositories into the selection
  • repo:status - CLA assistant sets its status on pull requests
  • read:repo_hook, write:repo_hook - CLA assistant creates a pull request-hook on linked repositories to get a notification on pull request and check whether all committers have signed your CLA
  • gist - access to public and "secret" gist files, where your CLA should be stored

For more information, see https://developer.github.com/v3/oauth/#scopes
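
The two scope sets listed above, as an added example (not CLA assistant's own code): it picks the scope list by role, falling back to the contributor set when no admin role is requested, and flags any granted scope outside that role's list using the comma-separated `X-OAuth-Scopes` response header GitHub returns on API calls. The function names, client id and sample header are made up for illustration.

```javascript
// Scope names are the ones listed in the comment above; everything else is hypothetical.
const SCOPES = {
  contributor: ['user:email'],
  admin: ['user:email', 'public_repo', 'read:org', 'repo:status',
          'read:repo_hook', 'write:repo_hook', 'gist'],
};

// Least privilege by default: only an explicit 'admin' role gets the wide set.
function scopesFor(role) {
  return role === 'admin' ? SCOPES.admin : SCOPES.contributor;
}

// Build the GitHub OAuth authorize URL for a role (scope is space-delimited).
function authorizeUrl(role, clientId, state) {
  const url = new URL('https://github.com/login/oauth/authorize');
  url.search = new URLSearchParams({
    client_id: clientId,
    scope: scopesFor(role).join(' '),
    state, // anti-CSRF value generated per login attempt
  }).toString();
  return url.toString();
}

// Split an X-OAuth-Scopes header value ("a, b, c") into scope names.
function parseScopesHeader(header) {
  return (header || '').split(',').map((s) => s.trim()).filter(Boolean);
}

// Return every granted scope that the role's list does not contain.
function excessScopes(role, header) {
  const allowed = new Set(scopesFor(role));
  return parseScopesHeader(header).filter((s) => !allowed.has(s));
}

// Constructed sample: a contributor token that was granted admin-level scopes.
const SAMPLE_HEADER = 'user:email, public_repo, gist';
console.log(authorizeUrl('contributor', 'CLIENT_ID_PLACEHOLDER', 'random-state'));
console.log('excess for contributor:', excessScopes('contributor', SAMPLE_HEADER));
```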

KharitonOff pushed a commit that referenced this issue Mar 15, 2018
* Retry initialize mongoose connection

Mongoose will not reconnect to the mongo server if the first connection failed. Add retry mechanism.

* Rewording.
KharitonOff pushed a commit that referenced this issue Feb 18, 2020
* Retry initialize mongoose connection

Mongoose will not reconnect to the mongo server if the first connection failed. Add retry mechanism.

* Rewording.
@Olf0

Olf0 commented Jun 6, 2022

@KharitonOff and @thojansen, issues do not vanish by closing them! This action just makes them replicate, i.e., forces users to create duplicate issue reports, see #97, #566, #810, #863 etc.

I suggest dealing with this at issue #566 until it has been fully resolved, i.e., until the CLA assistant works properly with cookies disabled in the web browser.
