Too wide GH API permissions required just to sign a CLA

[dolmen]

CLA Assitant requires too wide permissions when I'm using it just to sign a CLA.
For example, why does it want to be able to write to my repos?

[KharitonOff]

this question is already answered in #78
To sign a CLA you access CLA assistant via a specific link https://cla-assistant.io/<org_or_user>/<repository_name>

[dolmen]

It appears that despistes I arrived on CLA assistant via a such link, the authentication process failed in some way (probably because I have cookies disabled by default for all sites), so I have probably been redirected to the home page where I clicked on the "sign up with GitHub", and that's probably the reason why I have been asked so many perms.

So I think that you should track more the users coming using a "sign link", to avoid such failures. Signing a CLA should either work without cookies (not even session cookies) enabled, or you should detect the issue (and report to the user) if they are required.

[jn64]

This issue still exists. Accessing CLAassistant via a specific link (not homepage), with cookies disabled, appears to work with no indication to the user. The only clue is that the user is confusingly redirected to the homepage and asked for more permissions.

[Olf0]

@KharitonOff and @thojansen, as denoted closing this was premature. It enforced users to create duplicate issue reports, see #78, #566, #810, #863 etc.

I suggest to deal with this at issue #566, until it has been fully resolved: I.e., until the CLA assistant works properly with cookies disabled in the web-browser.