Use GitHub Apps instead of OAuth for the GitHub Backend #7108
Labels: area: extensions/backends/github; type: feature (code contributing to the implementation of a feature and/or user facing functionality)
Is your feature request related to a problem? Please describe.
The current use of OAuth Apps in Decap poses a significant security risk by requiring access to all private repositories. This is a concern for many users, and a dealbreaker for some.
Describe the solution you'd like
I suggest transitioning Decap to use the newer GitHub Apps instead of OAuth Apps. GitHub Apps offer more granular repository access, providing much better security by allowing users to specify access permissions on a per-repository basis. This would fix #4329.
Describe alternatives you've considered
Machine users have been proposed as an alternative, but that has many drawbacks.
Additional context
Transitioning to GitHub Apps aligns with best practices for security and would address the specific concerns outlined in issue #4329. Users would benefit from improved control over repository access, contributing to a more secure and reliable experience.
See https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps
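An added illustration of the access difference this request describes (not part of the original issue and not Decap's code): the first two functions read the X-OAuth-Scopes response header to show that a `repo`-scoped OAuth token reaches every private repository, and the third builds the GitHub REST request for an installation access token narrowed to named repositories. The function names, the installation id and the sample headers are hypothetical or constructed.

```javascript
// Added example: names below are hypothetical helpers, not Decap or GitHub code.
// Constructed sample response headers (not captured from a real session).
const SAMPLE_OAUTH_APP_HEADERS = { "X-OAuth-Scopes": "repo, read:user" };
const SAMPLE_NO_SCOPE_HEADERS = { "Content-Type": "application/json" };

// Parse the X-OAuth-Scopes header that GitHub returns for OAuth app tokens.
// Returns null when the header is absent, so callers can tell "no scopes
// reported" apart from "an empty scope list".
function parseScopes(headers) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === "x-oauth-scopes");
  if (key === undefined) return null;
  return headers[key].split(",").map((s) => s.trim()).filter(Boolean);
}

// The classic `repo` scope covers every private repository the user can
// reach; it cannot be narrowed to a single repository.
function auditOAuthScopes(headers) {
  const scopes = parseScopes(headers);
  if (scopes === null) return { reported: false, allPrivateRepos: false, scopes: [] };
  return { reported: true, allPrivateRepos: scopes.includes("repo"), scopes };
}

// Build the REST request for a GitHub App installation access token limited
// to named repositories and explicit permissions. The read/write-only rule
// is this example's policy, not an API restriction.
function buildInstallationTokenRequest(installationId, repositories, permissions) {
  if (!Number.isInteger(installationId) || installationId <= 0) {
    throw new TypeError("installationId must be a positive integer");
  }
  if (!Array.isArray(repositories) || repositories.length === 0) {
    throw new Error("refusing to request a token without an explicit repository list");
  }
  for (const name of repositories) {
    // The API takes bare repository names, not "owner/name".
    if (typeof name !== "string" || name === "" || name.includes("/")) {
      throw new Error(`invalid repository name: ${String(name)}`);
    }
  }
  const entries = Object.entries(permissions || {});
  if (entries.length === 0) throw new Error("refusing to request the installation's full permission set");
  for (const [perm, level] of entries) {
    if (level !== "read" && level !== "write") throw new Error(`invalid level for ${perm}`);
  }
  return {
    method: "POST",
    path: `/app/installations/${installationId}/access_tokens`,
    body: { repositories: [...repositories], permissions: Object.fromEntries(entries) },
  };
}
```

The request built by the third function must be sent with a JWT signed by the GitHub App's private key, which is outside the scope of this sketch.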