
GitHub permissions too broad

github
#1

Hi, I use GitHub social connections to link a GitHub account to an Auth0 account.

The permissions that we can select are too broad. Is there a way to restrict them?

For example, read/write on repo gives access to read/write Issues, PR, Wikis, Deploy Keys, which I don’t need nor want to ask from my users.

Any help would be great,

thanks

#2

Hello @sebgoa,

I believe the available permissions are defined by GitHub, not Auth0, so Auth0 would not have any control over them. That said, the permissions that I am seeing seem to be more granular than what you are seeing. You can just leave the connection set to Basic Profile or Basic Profile and Email address if that is all you need.

1 Like

#3

The problem is that the [repo] permission seems to give access to a large number of things in the repo. I believe we should be able to be more granular.

But you might be correct; the scopes for OAuth GitHub apps are listed here and it seems to match: