Comments (6)

lucacasonato commented on August 28, 2024

"Act on your behalf" is not an all-encompassing permission. It just means that if we asked for any permissions which allowed us to act as your user account (which we do not, we only request read-only email access), we would be able to act as your account. This is the minimal set of permissions you can request from GitHub as a GitHub App.

More info: https://github.community/t/why-does-this-forum-need-permission-to-act-on-my-behalf/120453

A description has now been added to the GitHub App.


TLDR:

  • We can only access your email (read-only), and status checks and source code for repos you explicitly add the app to.

from deploy_examples.

jedahan commented on August 28, 2024

Thanks for the pointer to that thread, though it kind of raised more questions than it answered.

So you are saying even though the wording is Act on your behalf, trust the app will only request

  • read-only email address access (presumably to send email alerts?)
  • status checks (what is a status check? like, reading the state of PRs?)
  • the ability to ask to read a repository's source code

jedahan commented on August 28, 2024

I guess if you only request read-only email access, it's a bit confusing why it should be a GitHub App at all. Especially after skimming https://docs.github.com/en/developers/apps/about-apps where there is an explicit callout:

Don't use a GitHub App if you just need a "Login with GitHub" service. But a GitHub App can use a user identification flow to log users in and do other things.

Though it's weird the flowchart diagram later on the page would suggest "make a github app"

lucacasonato commented on August 28, 2024

We also allow you to install the app on repositories. That is why it is a GitHub App. The 'can act on your behalf' wording is rather dubious - not sure what GitHub means with that. We specifically only request read-only email access during sign-in. It is not possible for us to do things like post comments, or push to repos as your user account.

jedahan commented on August 28, 2024

Thank you for the clarification. Sounds like poor wording on GitHub's part.

lucacasonato commented on August 28, 2024

I'll close this as unactionable then.
