Ability to authorize OAuth app to repositories only in an organization #118889
Unanswered
KB1RD
asked this question in
API and Webhooks
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Product Feedback
Body
For example, when authorizing an OAuth application to use the
public_repo
scope, GitHub pops up a box allowing me to choose which organizations the app is allowed to access. I cannot, however, prevent the app from having full access to repositories under my user account. I do not feel comfortable granting OAuth access that would allow an application to edit repositories (including, mind you, reading deploy keys, which are supposed to be kept carefully guarded) when I just want to use it to edit content on a single organization where the security risks of using an external application are acceptable.In short, it would be nice to be able to block access to my main user account, and only use OAuth apps on an organization. The only workaround currently would be to create a separate user account with no personal repositories and add it to the organization, which is a violation of GitHub TOS.
Beta Was this translation helpful? Give feedback.
All reactions