GitHub login permissions


#1

When I try to use the GitHub login option, Beeminder requests read/write access to all my public and private user data and read/write access to all my public and private repos (including the ability to push code in my name or give access to other users). That’s crazy and dangerous. Please don’t do it. For login, the user:email scope should be enough; even for monitoring github activity (which I don’t need; I just want to log in) surely public read access (which is included in every scope) should be enough for 99% of Beeminder users. It sucks that Github doesn’t provide readonly scopes (although it seems to be coming soon, but setting up a more limited access method for all the people who just want to log in or track their public Github activity without creating security risks should still be doable with a reasonable amount of effort.


#2

Agreed. I think this comment applies to pretty much all of the potential authentication methods. Afaict, we don’t currently make much of a distinction between ability to use as authentication and ability to use as a source of goal data.

This particularly freaks out the people wanting us to monitor their gmail inboxes, because the required permissions are way too broad for our needs.