Why does GitHub SSO require so many permissions?


In the company I work for, some developers are unhappy with how many permissions they need to give to SonarCloud when logging in with GitHub. It requires the following permissions to be granted:

  • Verify your GitHub identity
  • Know which resources you can access
  • Act on your behalf
  • Read email addresses (the only one which should be really required IMO)

These permissions are not needed when logging in with e.g. GitLab, but GitHub requires it. Why is that? Is there any benefit for that?

Thank you.

1 Like

Hey there.

These are the absolute minimum permissions that can be granted to a GitHub application to authorize a user account.

Our integration with GitHub is a bit different than our one with GitLab – and because of features like GitHub member synchronization, we need to use a GitHub App rather than an OAuth App.

1 Like
