scopes for github oauth

[memen45]

integration_github/src/components/PersonalSettings.vue

Line 182 in 318bbd1

+ '&scope=' + encodeURIComponent('user repo notifications')

In this line more access is requested compared to what is described in settings. Should it not be read:user user:email notifications instead to be more specific?

As mentioned in the "connected accounts" GitHub settings hint, you should check "read:user", "user:email" and "notifications" permissions.

Originally posted by @eneiluj in #18 (comment)

[julien-nc]

Yes well, when using OAuth, we request more scopes than when using a personal token. It's not a big deal as the app never makes any action which require the user:follow permission.

Keep in mind that the instructions in the settings are for personal tokens and the line you mention is about the scopes that are required when getting a token via OAuth.

Did I understand your concern?

Anyway, for security reasons, let's limit the OAuth scopes as much as possible, you're right. it's done and pushed. It will be included in the next release.

[memen45]

Yes, indeed, both scopes repo and user:follow are not used then, right?