We use a GitHub App as an identity provider and our users are alarmed that the security prompt says “Act on your behalf”.
The wording is very alarming and out-of-line with the actual permissions we request: just email, not total account access. This is also very different than the UX of other identity providers (Google / Facebook / Apple) where it just shows what permissions an app requests.
It is not just our users who are concerned. Multiple posts in this forum are about concerns about this support forums permissions: