GitHub Apps have a great feature where an app needs re-approval at the organization level when it requests additional permissions.
As far as I can tell, there is no such notification if a third-party OAuth app requests additional permissions. Am I overlooking something?
Here’s the scenario I’m trying to avoid:
- Org member requests access for third party app
- Org owner checks app, sees it wants acceptable permission (e.g. read team members), approves app
- App requests higher permissions (e.g. write repos), org member approves for their account
- Every app user now has permissions the org owner would not have approved. (Yes, only where org member could perform action, but “hidden”.)
Is there any way to be notified about 3rd party OAuth app extended permission requests?