Hello, thanks for reaching out and welcome to the community!
We’re using a GitHub App to allow for people to sign in to the GitHub Support Community. In order to do this and provide the information that the Support Community forum software needs, we’ve configured it to be able to:
- Verify your identity
- Request read-only access to your account’s email address
Because of the way GitHub Apps work for this sign-in-as scenario (or other user-to-server applications), it has the ability to act on your behalf or know which resources you can access, but only within the scope of the permissions we’ve requested, in other words verifying your identity and reading your account’s email address.
We understand that this is poorly and confusingly worded for this kind of scenario. We’ve given this feedback to the team that is responsible for how this dialog is designed. We’ll be working with them to improve it to hopefully make it more clear and understandable as to what exactly is being requested so that you can be more confident in the decision you’re being asked to make.
Let us know if you have more questions.