I believe the available permissions are defined by github, not Auth0, so Auth0 would not have any control over them. That said, the permissions that I am seeing seem to be more granular than what you are seeing. You can just leave the connection set to Basic Profile or Basic Profile and Email address if that is all you need.
the problem is that the [repo] permission seem to give access to a large number of things in the repo. I believe we should be able to be more granular.
but you might be correct, the scopes for Oauth github apps are listed here and it seems to match:
Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.
Wanted to reach out to know if you still require further assistance?