[multiuser] Signup with thin scopes for GitHub.
See original GitHub issueIs your enhancement related to a problem? Please describe.
Currently, user must accept to give scopes repo,user,write:public_key
to Che.
IMO, this is too strong (or risky) for entry users who don’t use full functions.
Describe the solution you’d like
The bast is to enable no scope on their signup/login. (read:user
, read:email
may be safe.)
And Che asks adding more scope permission to the user logged in when it was required.
I guess it can be implemented by calling add_scopes
via PATCH /authorizations/:authorization_id
provided by GitHub API.
Describe alternatives you’ve considered
Additional context
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (8 by maintainers)
Top Results From Across the Web
Managing multiple accounts - GitHub Docs
If you contribute with two accounts from one workstation, you can access repositories by using a different protocol and credentials for each account....
Read more >Scopes for OAuth Apps - GitHub Docs
Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional...
Read more >Support multi-login and multiple user profiles #21 - GitHub
The user may have multiple accounts for one website, multiple users may be using the same browser to log in to a specific...
Read more >Multi-User Support · Issue #165 · Kovah/LinkAce - GitHub
LinkAce should support multiple user accounts which then can independently manage their links. Current challenges: There must be at least two roles: admin ......
Read more >Enable multi-user authorization for AWS · Issue #4761 - GitHub
Yes, It's ready and I tested it's working fine on my side. kubeflow/manifests#908 adds extra component only used by aws. Should be very...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Downgrading the priority. This is a very good enhancement request which will need to get prioritized - but regarding the other areas that needs hardening, this has a lower impact right now.
Issues go stale after
180
days of inactivity.lifecycle/stale
issues rot after an additional7
days of inactivity and eventually close.Mark the issue as fresh with
/remove-lifecycle stale
in a new comment.If this issue is safe to close now please do so.
Moderators: Add
lifecycle/frozen
label to avoid stale mode.