Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Scopes for application tokens #4300

Open
aunger opened this issue Jun 22, 2018 · 7 comments
Open

Scopes for application tokens #4300

aunger opened this issue Jun 22, 2018 · 7 comments

Comments

@aunger
Copy link
Contributor

@aunger aunger commented Jun 22, 2018

Allow authentication tokens to be limited in scope. Maybe something like GitHub:

https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/

screenshot_2018-06-22-06-41-29

@stale
Copy link

@stale stale bot commented Jan 22, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the stale label Jan 22, 2019
@randomchance
Copy link

@randomchance randomchance commented Jan 9, 2020

This would be pretty nice to have, especially for build authorizations.

@mpfaff
Copy link

@mpfaff mpfaff commented May 3, 2020

Are there any plans for this? I don't feel comfortable at all with giving every app full access to my Gitea account.

@mcansky
Copy link

@mcansky mcansky commented May 7, 2020

what can we do to help for this ?

@lunny
Copy link
Member

@lunny lunny commented May 7, 2020

Send a PR. :)

@Jean-Baptiste-Lasselle
Copy link

@Jean-Baptiste-Lasselle Jean-Baptiste-Lasselle commented Nov 18, 2020

Send a PR. :)

All scopes support in one PR? you made me sincerely laugh ^^ , nevertheless, it would really be awesome to have the concept of Oauth Apps onto gitea,making it it a real social platform

@Coding-Kiwi
Copy link

@Coding-Kiwi Coding-Kiwi commented Jan 4, 2021

If I understand correctly, if I currently authorize an app it can use that oauth access_token to make a request to /users/{username}/tokens to generate an unlimited, non-expiring access token which then renders the whole oauth expiry/refresh logic useless.

EDIT: nope, the /users/{username}/tokens requires basic auth. Scopes would be awesome nontheless

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants