Proposed BadgingAPI Refactor to Reduce GitHub Permission Scope Requirements #62
adeyinkaoresanya started this conversation in Ideas
Replies: 0 comments
The BadgingAPI maintenance team is currently refactoring the BadgingAPI to address a few issues identified in the system, including concerns about the permission scopes required by the badging bot on users’ repositories. This relates to the earlier discussion held on Slack.
At the moment, GitHub OAuth does not provide a granular permission scope that allows access to only public email/user information. Because of this limitation, we explored a workaround in order to implement the principle of least-privilege access.
With the new implementation for event badging:
The main trade-off is that applicants will no longer appear as issue participants directly. However, they will still receive notifications whenever they are tagged in comments using their GitHub username, and thus will be notified if a reviewer is asking for further details or when their badge is ready.
Below are screenshots comparing the old and new permission scopes, along with examples of the resulting output:
Before:
After:
Before:

After:

We would appreciate your feedback before we move this into production.
CC:
@germonprez
@ElizabethN
@Ruth-ikegah
@geekygirldawn
@DesmondSanctity