I’ve created an OAuth app that posts comments in the issue tracker on user’s behalf. However, to make it work, user have to give the app full read/write access to their repositories. Unsurprisingly, people don’t want to do that. Is there a way to grant just the access to issue tracker?
OAuth Apps have a limited permission granularity model, as it can be seen at https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
For those case where fine-grained controls are important, we recommend to use GitHub Apps. Checkout our docs: