Only request access to the repo(s) being used in GitHub
in progress
Ryan Block
Currently GitHub's
public_repo
Oauth flows requests read/write access to all public repos, including orgs; Begin should provide some alternate means of authorization that enables more refined scope of permissions.Ryan Block
Quick update on adding more granular git authorization. GitHub, like other providers (GitLab, BitBucket), only offers extremely coarse Oauth scopes. But we have at least one path forward.
I've been working on our GitHub Apps integration, which allows per-repo authorization, and we have a plan for implementation. This would allow you to select which repo(s) you want Begin to have access to, and exclude all else.
Unfortunately, we're currently blocked by some other low-level refactoring related to paid accounts and app creation that needs to ship before we can build out our GitHub Apps integration.
I don't like giving estimates on when this will land (because estimates are so easily wrong), but this is very much the most important new feature right now. We know how to build it, and it's next up.
I'm very much looking forward to releasing this, please stand by for further updates!
Ryan Block
in progress