GitHub authorization requires full access #53

Open
tyarkoni opened this issue Oct 17, 2017 · 3 comments

@tyarkoni

Currently, authentication via GitHub requires granting access to all repos, public and private. Doesn't seem like there's any reason the app would need private access, so this seems like a bug to me (and I didn't grant it!).

@neelsomani
Member

Hey @tyarkoni! I'm going to loop in @akeshavan. Anisha and I were talking about this a bit last year.

I didn't want to share my private repos either (or the repos for all organizations that my account is attached to), so this was a concern for me as well. At the same time, we didn't want to restrict Brainspell to only use repos that are public, because I'd figure that not all users necessarily want to make their Brainspell collections public, since doing so would pollute their personal repos page.

The temporary solution that we have in mind is for users to have a separate GitHub account for use with Brainspell if they're not comfortable with the permissions as is. But we're open to suggestions if you have another solution in mind, and we can discuss the option of restricting Brainspell for use only with public repos on this thread.

@tyarkoni
Author

Ohhhh I didn't realize it was pulling data from GitHub repositories! That makes sense now (and is a great idea). I guess the problem is GitHub doesn't allow users to grant access to specific private repos?

I'm not sure what the best solution is. I think if you keep the current approach, you should probably have a message pop up before authentication explaining the situation. Probably a better approach, if you can implement it that way, would be to let the user choose whether they want to authorize only public repos, or public and private. I doubt many people will go to the trouble of creating temporary accounts just for this.
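Added example, not part of the thread and not Brainspell's own code: one way to offer the public-only versus public-and-private choice suggested above, using GitHub's `public_repo` and `repo` OAuth scopes, and to check the `scope` field of the token response against what the user chose. The function names, client ID placeholder and callback URL are hypothetical.

```python
import secrets
from urllib.parse import urlencode

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"

# GitHub OAuth scopes: "public_repo" covers public repositories only,
# "repo" covers public and private repositories.
SCOPE_PUBLIC_ONLY = "public_repo"
SCOPE_PUBLIC_AND_PRIVATE = "repo"


def build_authorize_url(client_id, redirect_uri, include_private=False):
    """Return (url, state) for the consent redirect; narrowest scope by default."""
    state = secrets.token_urlsafe(16)  # anti-CSRF value, compared on callback
    scope = SCOPE_PUBLIC_AND_PRIVATE if include_private else SCOPE_PUBLIC_ONLY
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_scopes(scope_field):
    """Split the comma-separated `scope` value from the token response."""
    return {s.strip() for s in scope_field.split(",") if s.strip()}


def check_grant(token_response, include_private):
    """Compare the granted scopes with the user's choice.

    Returns "ok", "over-privileged" (private access was granted although the
    user chose public only) or "insufficient".
    """
    granted = parse_scopes(token_response.get("scope", ""))
    if include_private:
        return "ok" if SCOPE_PUBLIC_AND_PRIVATE in granted else "insufficient"
    if SCOPE_PUBLIC_AND_PRIVATE in granted:
        return "over-privileged"
    return "ok" if SCOPE_PUBLIC_ONLY in granted else "insufficient"


if __name__ == "__main__":
    # Placeholder client ID and callback URL (assumptions, not real values).
    url, _ = build_authorize_url("CLIENT_ID_PLACEHOLDER", "https://example.org/cb")
    print(url)
    # Constructed token response for the public-only choice.
    print(check_grant({"scope": "public_repo", "token_type": "bearer"}, False))
```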

@jbpoline
Collaborator

I agree, if it is going to be used by many people for correcting the whole literature that's not a good model, but in the case of a small team interested in a specific meta analysis that may be ok. We brainstormed a couple of times on this ... In principle one meta analysis should be one repo cloned by the people collaborating on it with PRs.
