Any way to define *optional* GitHub app permissions? #51105
Replies: 2 comments
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
I never received a reply to this, so I guess it's just not possible 🤷♂️ scope permissions are given in their entirety or the login flow fails. Hopefully GitHub replies to this in future. |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
Hey! We're building a GitHub app and want to make some of the permissions we're asking for optional, with a degraded/more manual flow for those users who do not want to give us full permissions. Is this possible? Is it on the roadmap? Can you suggest a way to do this?
Use case: our GitHub app is setup by getting the user to install a workflow into their repo and data gets synced to us that way. I would like to add an optional "single file" permission for us to be able to automate the onboarding flow, whilst providing a way for a user to reject a permission whilst still being able to install the app.
Another use case: we have a way of starring/unstarring repos that gets persisted back to GitHub. This is non-essential for the functioning of our app, and if a user wasn't happy with giving us this permission we'd be able to work around it by just disabling that feature.
I hope this is something I've overlooked and there's a way forward here. When using OAuth Scopes, it would theoretically be possible to just omit certain scopes during the login flow if the user wasn't happy about it.
Regards,
Dom
Beta Was this translation helpful? Give feedback.
All reactions