Github permissions too broad

Hi, I use github social connections to link github account to a Auth0 account.

The permissions that we can select are too broad. Is there a way to restrict them ?

For example, read/write on repo gives access to read/write Issues, PR, Wikis, Deploy Keys, which I don’t need nor want to ask from my users.

Any help would be great,

thanks

Hello @sebgoa,

I believe the available permissions are defined by github, not Auth0, so Auth0 would not have any control over them. That said, the permissions that I am seeing seem to be more granular than what you are seeing. You can just leave the connection set to Basic Profile or Basic Profile and Email address if that is all you need.

1 Like

the problem is that the [repo] permission seem to give access to a large number of things in the repo. I believe we should be able to be more granular.

but you might be correct, the scopes for Oauth github apps are listed here and it seems to match:

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?