Pilot Lvl 1
Message 1 of 3

GitHub orgs & approved OAuth apps & changed permissions, Oh My!

GitHub Apps have a great feature where an app needs re-approval at the organization level when it requests additional permissions.

 

As far as I can tell, there is no such notification if a Third Party OAuth app requests additional permissions. Am I overlooking something?

 

Here's the scenario I'm trying to avoid:

  • Org member requests access for third party app
  • Org owner checks app, sees it wants acceptable permission (e.g. read team members), approves app
  • App requests higher permissions (e.g. write repos), org member approves for their account
  • Every app user now has permissions the org owner would not have approved. (Yes, only where org member could perform action, but "hidden".)

 

Is there any way to be notified about 3rd party OAuth app extended permission requests?

2 Replies
Community Manager
Message 2 of 3

Re: GitHub orgs & approved OAuth apps & changed permissions, Oh My!

Hi @hwine,

 

Thanks for being here! As far as I know, when asking for updated permissions, the application will notify you of the differences. Is this not the case for your Org?


Best,
AndreaG


Pilot Lvl 1
Message 3 of 3

Re: GitHub orgs & approved OAuth apps & changed permissions, Oh My!

Yes, the OAuth app will notify the user who granted OAuth access to the app.

 

I'm wondering if there is any way for an org owner to also be notified or query for that change?