Use GitHub Apps instead of OAuth for the GitHub Backend #7108
Labels
area: extensions/backends/github
type: feature
code contributing to the implementation of a feature and/or user facing functionality
Comments
caendesilva
added
the
type: feature
caendesilva
added a commit
to hyde-staging/experimental-decap-integration
that referenced
this issue
Feb 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
The current use of OAuth Apps in Decap poses a significant security risk by requiring access to all private repositories. This is a concern for many users, and a dealbreaker for some.
Describe the solution you'd like
I suggest transitioning Decap to use the newer GitHub Apps instead of OAuth Apps. GitHub Apps offer more granular repository access, providing much better security by allowing users to specify access permissions on a per-repository basis. This would fix #4329.
Describe alternatives you've considered
Machine users have been proposed as an alternative, but that has many drawbacks.
Additional context
Transitioning to GitHub Apps aligns with best practices for security and would address the specific concerns outlined in issue #4329. Users would benefit from improved control over repository access, contributing to a more secure and reliable experience.
See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps
The text was updated successfully, but these errors were encountered: