Unclear what permissions Github app uses & no information about app at https://github.com/apps/mcp-registry-login-prod

[Flux159]

When trying to authenticate mcp-publisher via mcp-publisher login github, the authentication flow does not make it clear what the mcp-publisher app will do when "acting on my behalf". See image below.

In addition, when going to the app's page at https://github.com/apps/mcp-registry-login-prod no information is provided because it is a private app.

This is following publishing guide from here: https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md

[rdimitrov]

Thanks for flagging this @Flux159! Those are valid points and will be addressed 👍

fyi @domdomegg @tadasant

[domdomegg]

As far as I know everything is set to no access, so I'm not sure why this appears. We only use the token to verify your username and organization membership.

https://github.com/user-attachments/assets/44fddc93-17b0-4c66-8712-b4e25dac439f

Very happy to update the description / logo to explain this better. I've also just added @.modelcontextprotocol/registry-wg so anyone there should be able to update this.

Regarding it being a public/private app, I think it's private because it's not intended to be installed in other organizations (i.e. the login token should only be valid to us). Not quite sure what the other implications are of changing this. Happy to change this if people know more here.