ParabolInc / parabol

Free online agile retrospective meeting tool
https://www.parabol.co/

Reduce Azure DevOps scope #9944

Closed Dschoordsch closed 1 month ago

Dschoordsch commented 1 month ago

Right now we're requesting the .default scope which requests access to all Azure DevOps APIs. A customer 🔒 pointed out that this is excessive as it also allows source code access.

Dschoordsch commented 1 month ago

I think we only need `vso.project` and `vso.work_write` ^1
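As an added illustration, not code from this thread or from Parabol, the check below audits a requested OAuth scope string against the two scopes named above before it is placed in an authorize URL: a `.default` request (which asks for every permission the app has been granted) is flagged, as is any explicit scope outside the required set. The assumption that `vso.project` plus `vso.work_write` is the sufficient set is taken from this discussion, not verified against Azure DevOps documentation; the endpoint, client id and resource id are placeholders.

```typescript
// Added example (not Parabol's code): enforce least privilege on an OAuth
// scope request before building the authorize URL.

// Assumption from the discussion: these two scopes cover the integration's needs.
const REQUIRED_SCOPES: readonly string[] = ["vso.project", "vso.work_write"];

interface ScopeAudit {
  ok: boolean;
  // `.default` or `<resource>/.default`: requests every permission the app holds
  wildcard: string[];
  // explicitly requested scopes that are not in the required set
  excess: string[];
  // required scopes the request left out
  missing: string[];
}

// The OAuth `scope` parameter is space-delimited (RFC 6749 section 3.3).
function parseScopes(scopeParam: string): string[] {
  return scopeParam.split(/\s+/).filter((s) => s.length > 0);
}

function auditScopes(
  scopeParam: string,
  required: readonly string[] = REQUIRED_SCOPES
): ScopeAudit {
  const requested = parseScopes(scopeParam);
  const wildcard = requested.filter(
    (s) => s === ".default" || s.endsWith("/.default")
  );
  const excess = requested.filter(
    (s) => !wildcard.includes(s) && !required.includes(s)
  );
  const missing = required.filter((s) => !requested.includes(s));
  return {
    ok: wildcard.length === 0 && excess.length === 0 && missing.length === 0,
    wildcard,
    excess,
    missing,
  };
}

interface AuthorizeParams {
  authorizeEndpoint: string; // placeholder, e.g. the identity provider's /authorize URL
  clientId: string;
  redirectUri: string;
  scope: string;
  state: string; // CSRF token bound to the user's session
}

// Refuses to build the URL when the scope request is broader than required,
// so an over-broad scope cannot slip in through configuration.
function buildAuthorizeUrl(p: AuthorizeParams): string {
  const audit = auditScopes(p.scope);
  if (!audit.ok) {
    throw new Error(
      `scope request is not least-privilege: ${JSON.stringify(audit)}`
    );
  }
  const url = new URL(p.authorizeEndpoint);
  url.searchParams.set("client_id", p.clientId);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("redirect_uri", p.redirectUri);
  url.searchParams.set("scope", p.scope);
  url.searchParams.set("state", p.state);
  return url.toString();
}

// Constructed values for a stand-alone run; the resource id is a placeholder.
const BEFORE = "00000000-0000-0000-0000-000000000000/.default";
const AFTER = "vso.project vso.work_write";
console.log("before:", auditScopes(BEFORE));
console.log("after:", auditScopes(AFTER));
```

In a deployment the audit would run once at startup against the configured scope string, so a regression back to `.default` fails fast rather than silently granting source-code access again.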

mattkrick commented 1 month ago

I believe we need to turn it into an app so it has fine-grained permissions on a per-repo basis: https://github.com/ParabolInc/parabol/issues/7114

Dschoordsch commented 1 month ago

We are registered as a web app (#9531). Not sure how we can configure per repo permissions.

mattkrick commented 1 month ago

Oh! Well, I'm an idiot, I must've missed this! I might be thinking of the GH integration that can do repo-specific perms. Makes sense that orgs have a repo or 2 they don't want to expose to Parabol.