github-copilot-resources / copilot-metrics-viewer

Tool to visualize the Copilot metrics provided via the Copilot Business Metrics API (currently in public beta)
https://ashy-sky-02a7d0403.5.azurestaticapps.net/
MIT License
215 stars 99 forks

Update access rights for github token? #33

Closed: msfe closed 11 hours ago

msfe commented 1 month ago

In the readme the following information is provided.

VUE_APP_GITHUB_TOKEN Specifies the GitHub Personal Access Token utilized for API requests. Generate this token with the following scopes: copilot, manage_billing:copilot, manage_billing:enterprise, read:enterprise, admin:org.

I believe that admin:org is overkill. When I did my local setup, I used the less intrusive scope read:org, and it worked just fine. If there is no functionality I'm missing, I would suggest that the README be updated to adhere to the principle of least privilege.

martedesco commented 1 month ago

@msfe, it could be. The README follows the guidelines of the API documentation, which mentions admin:org.

@djopatrny, do you have any comments about this? 🙇

djopatrny commented 1 month ago

I believe a recent update may have added the read:org scope. The documentation update should go in soon.

martedesco commented 11 hours ago

As the docs have been updated and the admin permissions requirement has been removed, I updated the references to admin:enterprise and admin:org in this PR. Thanks for raising this.
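
An added example, not part of the thread or of the project's code: a small audit of a classic token's granted scopes (the `X-OAuth-Scopes` response header of an authenticated GitHub API request) against a least-privilege set. The `REQUIRED` set is an assumption built from this thread (the README list with admin:org replaced by read:org), and the function names and sample header values are constructed for illustration.

```python
# Assumption from the thread: README scope list with admin:org -> read:org.
REQUIRED = {"copilot", "manage_billing:copilot", "manage_billing:enterprise",
            "read:enterprise", "read:org"}

# Broad scopes and the narrower scopes they include (only the part of
# GitHub's classic-token scope hierarchy that matters for this audit).
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "admin:enterprise": {"manage_runners:enterprise",
                         "manage_billing:enterprise", "read:enterprise"},
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit(header_value, required=REQUIRED):
    """Report missing scopes, over-broad parents, and unrelated extras."""
    granted = parse_scopes(header_value)
    effective = set(granted)
    for scope in granted:
        effective |= IMPLIES.get(scope, set())
    # A granted parent that is not required itself but covers a required
    # scope should be swapped for the narrower scope(s) it covers.
    too_broad = {s: sorted(IMPLIES[s] & required) for s in granted
                 if s in IMPLIES and s not in required
                 and IMPLIES[s] & required}
    return {
        "missing": sorted(required - effective),
        "too_broad": too_broad,
        "extra": sorted(granted - required - set(too_broad)),
    }


# Constructed header values, as returned in X-OAuth-Scopes.
ORIGINAL_README = ("copilot, manage_billing:copilot, "
                   "manage_billing:enterprise, read:enterprise, admin:org")
REDUCED = ORIGINAL_README.replace("admin:org", "read:org")

if __name__ == "__main__":
    for name, header in (("original", ORIGINAL_README), ("reduced", REDUCED)):
        print(name, audit(header))
```

Fine-grained personal access tokens do not return this header, so the check applies to classic tokens only.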