github connection requires too many permissions
Closed this issue · 4 comments
The permission screen to sign in with Cicada
Can access basically everything on my account!
As comaprison, here is another service that needs access to code: Deno deploy
And similar services like cloudflare pages, etc will allow you to select what repositories to give access to.
Thanks for the early waitlist invite, but I can not test Cicada with these permissions.
I don't think we actually need all of these permissions and is its a bug to request all of them at the start, will confirm tomorrow.
I think we can downscope permissions to read-only for repos. (We need to be able to list them prior to the user adding the Github app to their org/personal account)
Hey @barthuijgen, we did some work and reduced the needed permissions to just your user and orgs, no more repo access.