Read-only permission GraphQL API?


#1

We have an integration that works with the older API, but would like to transition it to the GraphQL API instead. The big piece of customer feedback is that they don’t want to give our application read/write access to their repo.

Are there any plans for more granular permissions on the OAuth tokens using the GraphQL API? Ideally we’d have read-only of code & commits, and no ability to create new objects on GitHub.


#2

:wave: @cschneid,

Thanks for the feedback. The OAuth scope support for the GitHub GraphQL API is admittedly not as full-featured as we’d like during the Early Access period, but we do hope to have a more robust solution to address your concerns as we get closer to a production setting.

> Are there any plans for more granular permissions on the OAuth tokens using the GraphQL API?

Right now our hope is to incorporate the granular access permissions of Integrations into the GraphQL API. While we don’t explicitly state it in our public roadmap, I’d imagine this would be something we address in the medium to long term.

