Different (bigger) scope of permissions in github vs gitlab

[rodoviario]

I am using regulary git-credentaial-oauth with gitlab. Yesterday I was going to clone a github.com project and noted a bigger scope there to accept of the app, and no way to reduce or limit it to the bare minimum necessary.

Actually, for doing a git clone of the https URL I guess that no auth have to be necessary. Unless you later try to do a push, and in that case

Is there a way to reduce the scope when pulling from github.com?

• Remove gists (read/write)
• Reduce scope (perhaps to the specific repo)
• Remove organizations (or make them optional)
• Remove workflow

And if there is not, at least is there a way to configure it to ignore github.com but keep working for gitlab.com?

echo url=https://gitlab.com | git credential fill

echo url=https://github.com | git credential fill

[hickford]

The default scope for GitHub is:

https://github.com/hickford/git-credential-oauth/blob/baef999395425f9c7c7ce616e72243a855aa6244/main.go#L48

You can customise the scope as you prefer:

 git config --global credential.https://github.com.oauthScopes repo

See docs https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps for GitHub's complete list of scopes

[hickford]

specific repo

Separately to OAuth, you might be interested in GitHub's fine-grained personal access tokens https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token