cicadahq/cicada

GitHub connection requires too many permissions

Closed this issue · 4 comments

The permission screen to sign in with Cicada

[Screenshot: cicada-permission]

Can access basically everything on my account!

As a comparison, here is another service that needs access to code: Deno Deploy

[Screenshot: deno-deploy-permissions]

And similar services like Cloudflare Pages, etc. will allow you to select what repositories to give access to.

Thanks for the early waitlist invite, but I cannot test Cicada with these permissions.

I don't think we actually need all of these permissions, and it's a bug to request all of them at the start; will confirm tomorrow.

@mschrage thoughts on this?

I think we can downscope permissions to read-only for repos. (We need to be able to list them prior to the user adding the GitHub app to their org/personal account.)

Hey @barthuijgen, we did some work and reduced the needed permissions to just your user and orgs, no more repo access.