Visualstudio-docs: Why does MicrosoftDocs require GitHub "Resources" permissions?

Created on 27 Feb 2018 · 4 Comments · Source: MicrosoftDocs/visualstudio-docs

Hello,
This is not related to visualstudio-docs per se but I didn't find an appropriate or better place for this, so hopefully someone can help and/or answer here. It is related to the VS docs after all (which I've been browsing).
The new docs commenting system is awesome, but why does it require the GitHub permission "Resources: Determine what resources both you and docs.microsoft.com can access"? I tried to find information about it on GitHub and information is scarce but it seems this allows reading what repos (public and private) and organisations a user has access to. This seems very excessive to me and a permission that I'd not like to give to Microsoft by default, just for commenting on their docs.
Am I misunderstanding something?

Thanks!

All 4 comments

@jdanyow are you the appropriate person to address this concern? If not can you tag the correct person? Thanks!

Sure, I can provide more info on this.

During the oauth flow, GitHub will display an authorization page that looks something like this:

docs.microsoft.com by MicrosoftDocs
would like access to:

Your Account
Verify your GitHub account

Resources
Determine what resources both you and docs.microsoft.com can access

Actions
Enable you to trigger actions on GitHub from within docs.microsoft.com

I believe the question here is what does "determine what resources both you and docs.microsoft.com can access" mean? First some info on our app...

GitHub has two types of apps: "OAuth Apps" and "GitHub Apps". docs.microsoft.com uses the second kind, a "GitHub App". These types of apps can only act on repos where they are installed. They also have a more granular permission scheme than OAuth Apps. Here's the page where you would configure the permissions: https://github.com/settings/apps/new. We've installed our app on the MicrosoftDocs and Azure GitHub organizations and configured the app with read/write permissions on issues only.

Ultimately the permissions the authorization will grant our app is the intersection of your personal permissions and our GitHub App's permissions. This means we'll only be able to read/write issues on repos in the MicrosoftDocs and Azure orgs via the docs.microsoft.com app.

Hope this helps! More reading here if you'd like:

cc @tysonn @ShevaDas @DuncanmaMSFT @adkinn ^^^
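The comment above describes the rule that an app acting on a user's behalf ends up with the intersection of the user's own permissions and the permissions granted to the GitHub App where it is installed. The following Python model is an added example, not code from this thread, from docs.microsoft.com or from GitHub; the org names, repo names, user login and permission levels are constructed sample data, and the `AppInstallation`/`User` types and `effective_permission` function are hypothetical helpers written here to make the rule checkable.

```python
"""Model of how a GitHub App's effective access on a user's behalf is bounded.

Added example (not the thread's or docs.microsoft.com's code). It encodes
the rule stated in the thread: effective permission = intersection of
(a) what the user alone may do and (b) what the app was granted where it
is installed. Orgs, repos, users and levels below are constructed sample data.
"""
from dataclasses import dataclass, field

# Permission levels ordered weakest to strongest. The intersection of two
# levels on the same resource is simply the weaker of the two.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}


@dataclass(frozen=True)
class AppInstallation:
    """A GitHub App installed on one org, with per-resource permissions."""
    org: str
    permissions: dict  # e.g. {"issues": "write"}


@dataclass
class User:
    """A user's own permissions: (org, repo) -> {resource: level}."""
    login: str
    repo_permissions: dict = field(default_factory=dict)


def effective_permission(user, installations, org, repo, resource):
    """What the app may do on `resource` in org/repo when acting for `user`.

    Returns one of the keys of LEVELS. Two rules apply:
      1. If the app is not installed on the org, access is "none" no matter
         how much the user personally can do there.
      2. Otherwise the result is the weaker of the app's granted level and
         the user's own level (the "intersection" from the thread).
    """
    install = installations.get(org)
    if install is None:
        return "none"
    app_level = install.permissions.get(resource, "none")
    user_level = user.repo_permissions.get((org, repo), {}).get(resource, "none")
    return min(app_level, user_level, key=LEVELS.__getitem__)


# Constructed sample data mirroring the thread: the app is installed on the
# MicrosoftDocs and Azure orgs with read/write on issues only.
INSTALLATIONS = {
    "MicrosoftDocs": AppInstallation("MicrosoftDocs", {"issues": "write"}),
    "Azure": AppInstallation("Azure", {"issues": "write"}),
}

# Constructed user: contributor on a docs repo, admin of a private repo in
# an org where the app is NOT installed, read-only on an Azure repo.
ALICE = User(
    login="alice",
    repo_permissions={
        ("MicrosoftDocs", "visualstudio-docs"): {"issues": "write", "contents": "write"},
        ("alice-corp", "secret-service"): {"issues": "admin", "contents": "admin"},
        ("Azure", "azure-docs"): {"issues": "read", "contents": "read"},
    },
)


def access_report(user=ALICE, installations=INSTALLATIONS):
    """Effective app access for every (org, repo, resource) the user can see."""
    report = {}
    for (org, repo), perms in user.repo_permissions.items():
        for resource in perms:
            report[(org, repo, resource)] = effective_permission(
                user, installations, org, repo, resource
            )
    return report


if __name__ == "__main__":
    for key, level in sorted(access_report().items()):
        print(f"{key[0]}/{key[1]} {key[2]:<9} -> {level}")
```

Running the block prints the effective level per resource. The point worth checking is the two negative cases: the app gets nothing on `alice-corp/secret-service` even though the user is an admin there (the app is not installed on that org), and it gets nothing on repository contents anywhere because the installation was granted issues only. Real GitHub evaluates this on its side when issuing the user-to-server token; this model only makes the stated rule explicit.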

@jdanyow Okay, cool! Thank you very much for this explanation.
If I understand correctly, the important part is:

Determine what resources both you and docs.microsoft.com can access

Ultimately the permissions the authorization will grant our app is the intersection of your personal permissions and our GitHub App's permissions

So this is an "and" in the literal sense. That sounds great and nothing to worry about in terms of giving MS access to anything.
It's a bit of a shame that GitHub doesn't make this more clear. Now that I know, I understand, but I am pretty sure that few people will really understand when they're clicking to give their permission.

Thank you!
