Amplify-console: Amplify Console appears to request excessive access to GitHub.com accounts
* Please describe which feature you have a question about? *
When I attempted to connect an app to a repository in my GitHub.com account, I was presented with a dialogue stating that extensive read and write access to my GitHub.com account was being requested rather than only read-only access that is stated on the connect app web page in the Amplify Console.
Am I misunderstanding the degree of access Amplify Console is attempting to obtain?
If I am understanding it correctly, then it's unclear to me why someone would grant such wide ranging access to a 3rd part.
* Provide additional details*
See detailed screenshots here:
https://github.com/aws-samples/aws-serverless-workshops/issues/257
The issue was originally filed under the aws-samples/aws-serverless-workshops repo because I encountered this issue when running through the Web Application module 1 static web hosting lab.
ckamps
All 3 comments
Thanks for your feedback @ckamps - we've added this to our backlog to investigate further.
kahdojay
on 27 Jan 2020
@ckamps to connect your GitHub account we use GitHub oauth. The scopes are specified here and are full access: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes
However, the service stores only a deploy key in our account, thus keeping read-only access to your repo.
swaminator
on 24 Feb 2020
However, the service stores only a deploy key in our account, thus keeping read-only access to your repo.
I don't feel comfortable giving full-access to an OAuth app that claims it needs read-only access to work.
KomaGR
on 5 Nov 2020
Related issues
asyschikov
路
5Comments
thedgbrt
路
5Comments
gherrera-gesintel
路
4Comments
hassankhan
路
4Comments
OzzieOrca
路
3Comments
Most helpful comment
I don't feel comfortable giving full-access to an OAuth app that claims it needs read-only access to work.