github-copilot-resources/copilot-metrics-viewer

Update access rights for github token?

msfe opened this issue · 3 comments

msfe commented

In the readme the following information is provided.

VUE_APP_GITHUB_TOKEN
Specifies the GitHub Personal Access Token utilized for API requests. Generate this token with the following scopes: copilot, manage_billing:copilot, manage_billing:enterprise, read:enterprise, admin:org.

I believe that admin:org is overkill. When I did my local setup, I used the less intrusive scope read:org, and it worked just fine. If there is no functionality I'm missing, I would suggest that the README be updated to adhere to the principle of least privilege.
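A way to verify the point made above, added here as an example and not part of the copilot-metrics-viewer project: GitHub reports the scopes granted to a classic personal access token in the X-OAuth-Scopes response header of any API call. The script below parses that header and compares the granted scopes against the reduced set (read:org instead of admin:org), reporting anything missing and any granted scope broader than what is needed. The scope hierarchy it models (admin:org implying write:org and read:org, admin:enterprise implying the billing and read enterprise scopes) is an assumption stated in the code; the live lookup is optional and reads the token from the same VUE_APP_GITHUB_TOKEN variable the README names.

```python
"""Compare a GitHub classic PAT's granted scopes with a least-privilege set.

Added example for the scope discussion in this issue; not project code.
The live check assumes GitHub returns the granted scopes of a classic
token in the X-OAuth-Scopes response header (fine-grained tokens do not
carry this header, so for them the live check reports no scopes).
"""
import os
import urllib.request

# Scopes the README listed at the time of this issue.
README_SCOPES = {
    "copilot", "manage_billing:copilot", "manage_billing:enterprise",
    "read:enterprise", "admin:org",
}
# Reduced set proposed in the issue: read:org in place of admin:org.
LEAST_PRIVILEGE_SCOPES = {
    "copilot", "manage_billing:copilot", "manage_billing:enterprise",
    "read:enterprise", "read:org",
}

# Assumed hierarchy of GitHub classic scopes: a parent scope implies its children.
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:enterprise": {"manage_billing:enterprise", "read:enterprise"},
}


def expand(scopes):
    """Return the set of scopes closed under IMPLIES (what a token can effectively do)."""
    result = set(scopes)
    stack = list(scopes)
    while stack:
        scope = stack.pop()
        for child in IMPLIES.get(scope, ()):
            if child not in result:
                result.add(child)
                stack.append(child)
    return result


def parse_scopes_header(value):
    """Parse an X-OAuth-Scopes value such as 'copilot, read:org' into a set."""
    return {s.strip() for s in (value or "").split(",") if s.strip()}


def assess(granted, required=LEAST_PRIVILEGE_SCOPES):
    """Report scopes the token lacks and granted scopes broader than required.

    'excessive' maps each over-broad granted scope to the required scopes it
    covers, i.e. what it could be replaced with.
    """
    granted = set(granted)
    required = set(required)
    missing = required - expand(granted)
    excessive = {
        scope: expand({scope}) & required
        for scope in granted
        if scope not in required
    }
    return {"missing": missing, "excessive": excessive}


def fetch_granted_scopes(token):
    """Call the API once and read the granted scopes from X-OAuth-Scopes."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {token}", "User-Agent": "scope-check"},
    )
    with urllib.request.urlopen(req) as resp:
        return parse_scopes_header(resp.headers.get("X-OAuth-Scopes"))


if __name__ == "__main__":
    # Offline demonstration on a constructed header value matching the README's list.
    sample = "copilot, manage_billing:copilot, manage_billing:enterprise, read:enterprise, admin:org"
    print("README token:", assess(parse_scopes_header(sample)))
    # Optional live check against the token the app itself uses.
    token = os.environ.get("VUE_APP_GITHUB_TOKEN")
    if token:
        print("live token:", assess(fetch_granted_scopes(token)))
```

Run it with VUE_APP_GITHUB_TOKEN set to see whether the token in use carries admin:org when read:org would do; the offline output for the README's scope list flags admin:org as excessive and names read:org as the scope it would be replaced by.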

@msfe, it could be. The README follows the guidelines of the API documentation, which mentions admin:org.

@djopatrny, do you have any comments about this? 🙇

I believe a recent update may have added the read:org scope. The documentation update should go in soon.

As the docs have been updated and the admin permissions requirement has been removed, I updated the references to admin:enterprise and admin:org in this PR. Thanks for raising this.