Reduce scope of scope of personal access token
rafaroca opened this issue · 1 comments
rafaroca commented
Hi, first of all thanks for this great piece of software :)
I noticed that you suggest api scope for the Personal Access Token. Since the merge request notifier only needs read access, the text could be modified to read_api.
I could positively test that the read_api scope is enough.
ruettenm commented
Thanks for the hint. You are right. The notifier is only „reading“ the API ✔️