42atomys / stud42

Stud42 official repository since major 3 update (https://s42.app)
MIT License

misc: Why does the app want GitHub write access? part 2 #277

Closed Antoine-lb closed 1 year ago

Antoine-lb commented 1 year ago

Sorry for the two issues @42Atomys, I can't comment on the other one, it's just for collaborators.

Continuing: https://github.com/42Atomys/stud42/issues/275#issuecomment-1328287915

I get it, but to be honest I felt a bit surprised when I opened up the repo and it was already starred, it feels intrusive.

And I have important stuff on my GitHub account now, so giving you permission to write to any public repo of mine is irresponsible of me as a developer, so I have to turn it off now; hope I can still access the site normally.

And for you it adds an extra responsibility as a project when it comes to security; look at what happened to Heroku (https://www.bleepingcomputer.com/news/security/github-how-stolen-oauth-tokens-helped-breach-dozens-of-orgs/).

That's my two cents, hope it triggers some thought on the matter.

You can close the two issues, I wish you the best for this project.

42atomys commented 1 year ago

@Antoine-lb Ah yes, sorry, I didn't unlock the previous issue..

For the moment you can revoke the OAuth2 app without losing your beta access 😄. That's why I'm totally clear on the /beta page and explain why before you authorize GitHub access. This is required due to the beta's dependencies on GitHub activity (on the stud42 repository only).

All tokens are encrypted in the datastore, and Discord and GitHub auto-revoke the token if it is not used for a long time. The issue of overly permissive GitHub permissions was already raised with GitHub support a few months ago by the GitHub community. I hope this will change in the future.

This permission will be updated when GitHub answers the ticket / develops better OAuth scopes, or at the end of the beta when we remove this requirement for access!