GitHub orgs & approved OAuth apps & changed permissions, Oh My!

GitHub Apps have a great feature where an app needs re-approval at the organization level when it requests additional permissions.

As far as I can tell, there is no such notification if a Third Party OAuth app requests additional permissions. Am I overlooking something?

Here’s the scenario I’m trying to avoid:

  • Org member requests access for third party app
  • Org owner checks app, sees it wants acceptable permission (team members), approves app
  • App requests higher permissions (e.g. write repos), org member approves for their account
  • Every app user now has permissions the org owner would not have approved. (Yes, only where org member could perform action, but “hidden”.)

Is there any way to be notified about 3rd party OAuth app extended permission requests?

Hi @hwine,

Thanks for being here! As far as I know, when asking for updated permissions, the application will notify you of the differences. Is this not the case for your Org?

Yes, the OAuth app will notify the user who granted OAuth access to the app.

I’m wondering if there is any way for an org owner to also be notified or query for that change?