GitHub authorizations should be limited to the strict minimum #6
Comments
Oooh! Nice find! This seems to be the default behavior of next-auth to ask for the user scope when logging you in. Seems like it'd be very possible to override and set just the scopes I'd need, as per GitHub's scope documentation. Seems like all we'd need is
Hmm. The documentation is quite vague. I don't know exactly what we get with the Perhaps the best thing is to try with this scope and see what you have access to. I've seen several OAuth examples using the
I just saw that it is possible to specify no scope. It is documented as follows:
This may be just what you need.
Yeah I dig that. PRs welcome!
Currently, when I try to sign in, GitHub asks me to grant the following authorizations:
I think it would be better to limit the authorizations to the strict minimum (e.g., read-only private email).
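One way to do the "try with this scope and see what you have access to" check from the thread, as an added example (not code from this project or from next-auth): GitHub reports the scopes a token was granted in the `X-OAuth-Scopes` response header of an authenticated API call, and the sketch below compares that value with what the application needs. The function names, the sample header values and the choice of `user:email` as the only required scope are assumptions for illustration.

```javascript
// Added example: audit which OAuth scopes GitHub actually granted to a token.
// Scope implications follow GitHub's scope documentation; only the `user`
// family is modelled here, other scopes are compared literally.
const IMPLIED = { user: ["read:user", "user:email", "user:follow"] };

// Parse the comma-separated X-OAuth-Scopes header value ("" means no scope).
function parseScopes(header) {
  return (header || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Expand granted scopes to everything they imply (user -> user:email, ...).
function expandScopes(scopes) {
  const effective = new Set();
  for (const scope of scopes) {
    effective.add(scope);
    for (const child of IMPLIED[scope] || []) effective.add(child);
  }
  return effective;
}

// Compare the granted scopes with the ones the application really needs.
function auditScopes(header, required) {
  const granted = parseScopes(header);
  const effective = expandScopes(granted);
  const needed = new Set(required);
  const missing = required.filter((s) => !effective.has(s));
  const excess = [...effective].filter((s) => !needed.has(s)).sort();
  return { granted, missing, excess, minimal: missing.length === 0 && excess.length === 0 };
}

// Constructed sample header values, not captured from a real session.
const REQUIRED = ["user:email"]; // assumption: the app only needs the e-mail address
for (const header of ["user", "read:user, user:email", "user:email", ""]) {
  console.log(JSON.stringify(header), auditScopes(header, REQUIRED));
}
```

A grant of `user` satisfies the requirement but shows up with excess entries, because that scope also carries read/write access to profile information; an empty header means the token has only read access to public information.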