search

mulesoft / api-designer

A web editor for creating and sharing RAML API specifications
Other
1.07k stars 266 forks source link

Registration requires github full access to personnal data #212

Closed McFoggy closed 9 years ago

McFoggy commented 10 years ago

Wouldn't read-only permissions be enough?

dmartinezg commented 10 years ago

Hi @McFoggy, registration to what exactly?

usarid commented 10 years ago

Perhaps this is being confused with API Notebook, which requires github write access to persist notebooks? On Jul 23, 2014 6:23 AM, "Damian Martinez Gelabert" < notifications@github.com> wrote:

Hi @McFoggy https://github.com/McFoggy, registration to what exactly?

— Reply to this email directly or view it on GitHub https://github.com/mulesoft/api-designer/issues/212#issuecomment-49872280 .

McFoggy commented 10 years ago

I was meaning that login to the application http://www.apihub.com/raml/api-designer (redirected to http://api-portal.anypoint.mulesoft.com/raml/api-designer?ref=apihub) using a github account asks for full access to the github personnal account. Login with google for example only ask for read-only access to user email.

usarid commented 10 years ago

Thanks for pointing this out, Matthieu. It's actually not related to API Designer itself but rather to the portal that embeds it, but I'll respond here. The reason for asking for these permissions is that there's no other way to get read access to various things we need for registration, like your name, without requesting the user oauth scope that then gives write access too. We don't in fact write anything, but you're right that read-only should be enough, if github allowed that. But for now we won't touch this, because... in a week we're going to be making significant changes to this anyway. Let's touch base after that.

Thanks again, Uri

On Wed, Jul 23, 2014 at 6:48 AM, Matthieu Brouillard < notifications@github.com> wrote:

I was meaning that login to the application http://www.apihub.com/raml/api-designer (redirected to http://api-portal.anypoint.mulesoft.com/raml/api-designer?ref=apihub) using a github account asks for full access to the github personnal account. Login with google for example only ask for read-only access to user email.

— Reply to this email directly or view it on GitHub https://github.com/mulesoft/api-designer/issues/212#issuecomment-49875446 .

McFoggy commented 10 years ago

I understand ; for your info, you can now ask github OAuth integration just for the user email see here in the documentation: https://developer.github.com/v3/oauth/#scopes.

Matthieu

usarid commented 10 years ago

Indeed, we considered that, but we wanted to actually have the person's real name and company (if available) for the registration. On Jul 23, 2014 11:48 PM, "Matthieu Brouillard" notifications@github.com wrote:

I understand ; for your info, you can now ask github OAuth integration just for the user email see here in the documentation: https://developer.github.com/v3/oauth/#scopes.

Matthieu

— Reply to this email directly or view it on GitHub https://github.com/mulesoft/api-designer/issues/212#issuecomment-49973111 .

sichvoge commented 9 years ago

Closing this case as it is not relevant anymore.