Separate GithHub scopes for logging in and authorizing repos

[amercader]

Right now we are asking a lot of perms just to log in to the site (it made sense at the beginning because the only integration was GitHub anyway).

We should have two separate OAuth calls:

1. To login via Github (scopes: user)
2. To authorize the app on your repos (scopes repo admin:repo_hook)

The second would be done from the GitHub settings page and would essentially "activate" the GitHub integration for the user (we store the state on the integration_users table).

[pwalsh]

@amercader I don't see why this is needed for Beta. It does not fix a bug or add any critical functionality, it just makes our permissions requests more granular and "correct", which seems a great Backlog item to me. Are there additional details that I'm not extracting from the above issue description?

[amercader]

No, it's just to make the service more user friendly. I am personally much more reluctant to sign up for a newly launched service that straight-up asks me for write and admin permissions on all my repos.

[pwalsh]

@amercader I agree (about reluctance), but I want to put it on Backlog for now.

[ethanwhite]

I just heard about this new service and I think it's a very exciting addition to the ecosystem. However I'm not interested in handing over complete control of my GitHub account for a CI service. I suspect this is also true of a lot of other early adopters, so it may be worth prioritizing this in the hopes of getting more leading edge folks engaging with the service.

[pwalsh]

Hi @ethanwhite

We totally hear you. We'll make this change as soon as we can.

[amercader]

@ethanwhite you are of course totally correct.

We've toned the permissions required down to just:

• repo:status: We need this to be able to write the commit statuses (success or failure)
• admin:repo_hook: We need this to be able to create and remove the necessary webhooks to ping the service whenever there is a commit pushed to the repository.