ranqn
commented
2 years ago My organization can't issue access tokens with repo scope, an option to disable this requirement would be nice.
Closed thatsmydoing closed 2 years ago
ranqn
commented
2 years ago My organization can't issue access tokens with repo scope, an option to disable this requirement would be nice.
n4bb12
commented
2 years ago Hi @thatsmydoing, I don't understand. Could you explain in more detail, please?
thatsmydoing
commented
2 years ago Prior to #136, when a user logs in the Github OAuth screen only asks for reading organization permissions. After #136, when a user logs in again, the Github OAuth screen shows up asking to approve reading repository permissions. In our case, we don't use the feature to restrict access by repository and would rather not expose (possibly private) repository information to verdaccio.
n4bb12
commented
2 years ago Okay got it. Thanks for explaining and submitting a PR 🙏
https://github.com/n4bb12/verdaccio-github-oauth-ui/issues/136 adds restricting via repository but also adds the requirement of private repository access when logging in. We don't use this feature and would rather limit the scopes as much as possible.