Permission settings for OAuth #34
-
|
I am loving what I'm seeing in the GitHub Educators walkthrough video. I tried to log in to classroom50.org and had a question about permissions. Does this app have access to all my public and private repos, or only those listed in the organization? I don't have many concerns about my private repos, but I think others might be hesitant to share all their repos with an open-source app. Would someone be able to clarify? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Indeed, right now, signing in does grant access to all your repositories, public and private, not just the org's. That's because Classroom50 logs you in as a classic GitHub OAuth App using the repo scope, and GitHub's repo scope is all-or-nothing: there's no way to limit it to a single org's repos. The app is essentially a web layer on top of the same workflows the GitHub CLI (gh) uses, so it requests similar broad scopes to those gh does (repo, workflow, read:org, etc.). That keeps behavior consistent with our CLI implementation, but it inherits the same constraint: gh also asks for full repo access, because that scope can't be narrowed to specific repositories. A few things worth knowing:
|
Beta Was this translation helpful? Give feedback.
Indeed, right now, signing in does grant access to all your repositories, public and private, not just the org's.
That's because Classroom50 logs you in as a classic GitHub OAuth App using the repo scope, and GitHub's repo scope is all-or-nothing: there's no way to limit it to a single org's repos.
The app is essentially a web layer on top of the same workflows the GitHub CLI (gh) uses, so it requests similar broad scopes to those gh does (repo, workflow, read:org, etc.). That keeps behavior consistent with our CLI implementation, but it inherits the same constraint: gh also asks for full repo access, because that scope can't be narrowed to specific repositories.
A few things worth knowing: