GitHub SSO authentication scope requests way too much

Avatar
Ruben Labruyere
Created

Hey JB

Earlier today a friend of mine wanted to create an account on my TC server instance by connection with his GitHub account. However upon trying to do so GitHub requested like way too much from him. It wanted read-only access to his profile which is the only thing it should be asking. But it also requested access to his public and private repositories as well as read and write access to his repository webhooks and services.

He trusts me but even so he was skeptical. And rightfully so. Imagine what strangers must be thinking. I have looked around in the settings both on GitHub as well as in the administration panel and could not find anything to modify this so I assume its built in. Is there a way to limit the scope? Any help would be greatly appreciated!

 

With kind regards,

Ruben Labruyere

Votes

0

Share

1 comment
Avatar
Anton Vakhtel
Created
Hi Ruben,

Could you provide more details on how you set up the authentication? Do you use GitHub App or GitHub OAuth Application to enable the GitHub authentication?

Best regards,
Anton
0

Please sign in to leave a comment.