Reputation: 9054
Github permissions
We've set up a Github app so that it automatically forks a repository for another individual Github user using the Github API. Now we're running into a problem that not everyone wants to give us full read access to all of their private repositories since sometimes they contain sensitive data.
- Is there a way to only get read/write permission to a single repository and not the individual's entire account?
Upvotes: 5
Views: 626
Answers (3)
Reputation: 1425
I believe you're looking for X-OAuth-Scopes. This is a well-defined header so that you may restrict your access scope to, for example, public repositories only.
The github developer documentation here says:
... space-delimited list of scopes. If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with user scope and another token with repo scope, a third web flow that does not provide a scope will receive a token with user and repo scope.
Upvotes: 0
Reputation: 102
Unfortunately, this is not available yet. This feature is still under development as you can see in the Gihub Apps roadmap (and note that I am talking about Github Apps, not OAuth Github Apps). I don't know if this will ever be possible in OAuth Apps but it seems that it might in Github Apps.
There is already a discussion about this at the dear github repository. You should check for news there.
Upvotes: 1
Reputation: 1324337
Is there a way to only get read/write permission to a single repository and not the individual's entire account?
Not that I know of: it is easier to setup a new dedicated GitHub account where you would recreate the private repos you want to give access to.
In that new account, you can consider all the private repos can be accessed.
You would keep the really private ones (with sensitive information) in your original GitHub account.
Upvotes: 0
Related Questions
- Github API v3 -- required permissions for managing deploy keys?
- Issue of Authentication using GitHub API
- restrict GitHub API access with least privilege
- how to check enterprise github api permissions
- Github API : What permission should a Github App get when create an issue
- GitHub API - for changing file permissions
- GitHub Gist access granularity read/write API
- Access rights issue with Git
- github API - Unable to update a repository permission for a team
- GitHub: Privileges