Don't require full access to all private GH repos to login


#1

Currently to login via GH you require full access to all private repos:

This can include repos from organisations. This is really unreasonable; you can be much more selective (I’ve ranted about online CIs doing the same in the past, but I think many of them have changed now). Not only is it bad for users (even if I didn’t have important things like API keys in private repos today, I might in the future) it also significantly increases the damage if you’re ever compromised; because you’re potentially exposing full private repo data from a huge number of large companies.


#2

Hi DanTup,

thanks for pointing this out! I’ll update the scopes asap. We use these permissions to be able to import and export from private repositories. I’ll make sure we only ask for access to your private projects, not to any organization ones.


#3

It wasn’t only org access I was objecting to; I think it’s unreasonable to require full access to even a user’s own private repos (which might also be forks of organisations’ private repos) just to login.

If you need access to a private repo for an import/export you can request that when you need it. I don’t think it’s good practice for companies to ask for so much access (not for users to give it; but users tend to be less aware of security implications than the companies asking for the access).

I know most people don’t care; but I won’t agree to any service requiring access to repos it doesn’t need; it’s too big a risk. I use GitHub login for more sites than I can count on my fingers; it doesn’t make sense for them all to have access to all these things.


#4

Thanks Dan,

requiring access only when needed is on our todo list, we’ll make sure it gets a higher priority now 🙂

Thanks again! Happy coding!


#5

Thanks for considering this. Is there an ETA for when this is likely to be implemented?


#6

Hi avranju,

it’s the next item I’ll be working on, so expect news soon 🙂


#7

Please change this, it’s really over the top.

I’m now locked out of my Glitch account because there’s no way I’m going to give it full read/write access to my GitHub repos.


#8

Hi everyone,

this is now fixed and deployed. Logging in only requires the user:email scope, and you can enable/revoke repo access when you need to import and export from GitHub.
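
The pattern described in the post above (sign in with `user:email` only, ask for `repo` at the moment of an import or export), sketched as an added example that is not part of the original thread and is not Glitch's code. The authorize endpoint and scope names are GitHub's; the function names, the action names and the client values passed in are assumptions made for illustration.

```javascript
// Added example. Endpoint and scope names are GitHub's; function names are hypothetical.
const AUTHORIZE_URL = "https://github.com/login/oauth/authorize";
const LOGIN_SCOPES = ["user:email"]; // enough to identify the user at sign-in
const REPO_SCOPES = ["repo"];        // private repo read/write, import/export only

// Scopes each action needs; an action that is not listed is refused.
const REQUIRED = new Map([
  ["login", LOGIN_SCOPES],
  ["import", [...LOGIN_SCOPES, ...REPO_SCOPES]],
  ["export", [...LOGIN_SCOPES, ...REPO_SCOPES]],
]);

// Build the authorization redirect for exactly the scopes listed.
function authorizeUrl({ clientId, redirectUri, state, scopes }) {
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    state, // caller-generated random value, checked again on the callback
    scope: scopes.join(" "),
  }).toString();
  return url.toString();
}

// The token response lists granted scopes in its "scope" field, comma-separated.
function parseGrantedScopes(scopeField) {
  return new Set((scopeField || "").split(/[,\s]+/).filter(Boolean));
}

// Decide whether the stored token already covers the action, or whether
// the user must be sent back to GitHub to approve the extra scope.
// Exact-name matching only: parent scopes such as "user" are not expanded.
function nextStep(action, tokenScopeField, oauthParams) {
  const required = REQUIRED.get(action);
  if (!required) throw new Error(`unknown action: ${action}`);
  const granted = parseGrantedScopes(tokenScopeField);
  const missing = required.filter((s) => !granted.has(s));
  if (missing.length === 0) return { proceed: true, missing };
  return {
    proceed: false,
    missing,
    redirect: authorizeUrl({ ...oauthParams, scopes: required }),
  };
}
```

Checking the granted scopes on every import or export, rather than assuming them, also covers the case where the user has revoked repo access since the last request.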


#9

Great; thanks!

(apparently a post needs to be 20 characters…)


#10

But is there an example of an image?