As an organization owner, I receive requests from users to approve third-party apps. As I learn more about these, there are different scopes and permissions requested by these third-party apps. How do I review these permissions before approving them? How do I audit the permissions that are currently granted to approved applications?
You can review and approve OAuth apps using this help guide: https://help.github.com/articles/approving-oauth-apps-for-your-organization/
You can also review installed integrations following this guide https://help.github.com/articles/reviewing-your-organization-s-installed-integrations/ as well as deny access to previously approved OAuth apps following this help article: https://help.github.com/articles/denying-access-to-a-previously-approved-oauth-app-for-your-organization/
If there’s anything else I can help you with, let me know. So happy to help further!
Hi! I have the same question as the OP, but I don’t think the response answers my question.
The first and third links above give instructions for granting and revoking permission for users in my organization to install particular OAuth apps. It seems like when I’m doing that, I don’t get to see what permission scopes OAuth apps are requesting, or restrict what scopes they can have. Is that correct?
(The middle link above appears to be about apps installed at the organization level, which I think is different? I’m interested in the apps in the “third party access” tab, and that link pertains to the “installed GitHub apps” tab.)