Hacker Newsnew | past | comments | ask | show | jobs | submit | keavy's commentslogin

Hey! Just in case you missed it, the new GitHub Apps might be a suitable alternative for you - they can have granular permissions (https://developer.github.com/v3/apps/permissions/), so the app can select just enough permissions that it needs. For example, a GitHub App could request permissions to write issues, but not read your code - which isn't possible with OAuth Apps and scopes, as you mention. You also install them on a per repository basis, so you can pick and choose that access. Mostly these are for the app to carry out actions as itself (e.g. create a status, write an issue comment, run a build), but some actions as an authorized user are allowed just now. There's more info on them here: https://developer.github.com/apps/building-integrations/sett...


Thanks for pointing this out. I guess it will take a while before most services start taking advantage of the more granular permission APIs. I've lost count of how many SASS products offer Github integration and then ask for all the permissions. I never feel comfortable with that level of access so I always decline or create a new github account so I can contain access I am granting.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: