[multiuser] Signup with thin scopes for GitHub. #13916
Comments
@monaka do you know what kind of auth/authorization is required to call
@skabashnyuk I checked the official document and ...
Hmm, my approach won't fit to Che.
I inspected Gitpod in shallow. It looks just calling
@skabashnyuk Do you think we should trigger something like this for GA? To me it seems like a nice enhancement, but I'm not sure we should add another enhancement into GA.
No, because we need to figure out if that is possible at all. I mean manipulation of token scopes on the Keycloak side.
I agree. It's enough to be realized on 7.1.0 or later.
Downgrading the priority. This is a very good enhancement request which will need to get prioritized - but compared with the other areas that need hardening, this has a lower impact right now.
Is your enhancement related to a problem? Please describe.
Currently, user must accept to give scopes repo,user,write:public_key to Che. IMO, this is too strong (or risky) for entry users who don't use full functions.
Describe the solution you'd like
The best is to enable no scope on their signup/login. (read:user, read:email may be safe.) And Che asks the logged-in user to add more scope permissions when they are required.
I guess it can be implemented by calling add_scopes via PATCH /authorizations/:authorization_id provided by GitHub API.
Describe alternatives you've considered
Additional context
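The thin-scope signup with on-demand step-up proposed in this issue, sketched as an added example (not code from the issue or from the Che project): it checks the scopes a token already carries, as GitHub reports them in the X-OAuth-Scopes response header, against the narrowest scope a feature needs, and builds a re-authorization URL only when something is missing. Assumptions: the feature names, the client id placeholder and the direct use of GitHub's OAuth web flow (rather than a Keycloak-brokered login) are hypothetical, and the scope names follow GitHub's documented scope list.

```python
from urllib.parse import urlencode

# Parent scope -> scopes it implies, per GitHub's documented OAuth scope
# hierarchy (only the scopes relevant to this issue are listed).
IMPLIES = {
    "repo": {"public_repo", "repo:status"},
    "user": {"read:user", "user:email", "user:follow"},
    "admin:public_key": {"write:public_key", "read:public_key"},
    "write:public_key": {"read:public_key"},
}

# Hypothetical mapping of workspace features to the narrowest scope each needs.
FEATURE_SCOPES = {
    "login": {"read:user"},
    "push_public": {"public_repo"},
    "push_private": {"repo"},
    "upload_ssh_key": {"write:public_key"},
}

def parse_scopes(header_value):
    """Parse an X-OAuth-Scopes header value ('repo, user') into a set."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}

def effective(scopes):
    """Expand granted scopes with everything they imply (transitively)."""
    out, todo = set(), list(scopes)
    while todo:
        s = todo.pop()
        if s not in out:
            out.add(s)
            todo.extend(IMPLIES.get(s, ()))
    return out

def missing_for(feature, granted_header):
    """Scopes the user must still approve before `feature` can run."""
    return FEATURE_SCOPES[feature] - effective(parse_scopes(granted_header))

def step_up_url(feature, granted_header, client_id, state):
    """Return None if the token suffices, else an authorize URL that asks
    for the already-granted scopes plus only the missing ones."""
    missing = missing_for(feature, granted_header)
    if not missing:
        return None
    wanted = sorted(parse_scopes(granted_header) | missing)
    query = urlencode({"client_id": client_id, "scope": " ".join(wanted), "state": state})
    return "https://github.com/login/oauth/authorize?" + query
```

The `state` value must be an unguessable per-request token that the callback verifies, so a step-up redirect cannot be forged by a third party.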