
OAuth Improvements - llambda
https://github.com/blog/1523-oauth-improvements
======
pbiggar
Thank you GitHub!!

We lose so many users due to the permissions we need at
[https://circleci.com](https://circleci.com), this is going to be awesome!

~~~
pbiggar
Oh, if you want to see what this looks like in practice:
[https://github.com/login/oauth/authorize?client_id=78a2ba87f...](https://github.com/login/oauth/authorize?client_id=78a2ba87f071c28e65bb&redirect_uri=https%3A%2F%2Fcircleci.com%2Fauth%2Fgithub%3Freturn-to%3D%252F&scope=user%2Crepo)

(Obviously, if you accept this, you'd be giving CircleCI access to your
repos).

~~~
pbiggar
Oh, you can play around with that URL and the scopes too to see how the
permissions are affected. E.g. change "user" to "user:email". See
[http://developer.github.com/v3/oauth/#scopes](http://developer.github.com/v3/oauth/#scopes)
for a list of all the scopes.

------
elithrar
Definitely for this. Clearer permissions are only a good thing.

(good timing too, as I'm using GitHub's OAuth flow for a small project!)

------
edwintorok
Would be nice if they made the permissions more fine-grained. For example,
split the 'Public repositories and organizations': instead of granting access
to all public repos, grant access to only specific repositories.

~~~
pbiggar
Yes indeed. CircleCI needs read-access to the repos you need to test, and the
ability to add a read-only SSH key to those repos.

Unfortunately, the only way to get that is to ask for read- and write-access
to all private repos, which makes nobody happy (see
[http://developer.github.com/v3/oauth/#scopes](http://developer.github.com/v3/oauth/#scopes)
for the actual options).

