In the company I work for some developers are unhappy with how many permissions they need to give to sonarcloud when logging in with GitHub, it requires the following permissions to be granted:
Verify your github identity
Know which resources you can access
Act on your behalf
Read email addresses (the only one which should be really required IMO)
These permissions are not needed when logging in with e.g. GitLab, but GitHub requires it. Why is that? Is there any benefit for that?
There are the absolute minimum permissions that can be granted to a GitHub application to authorize a user account.
Our integration with GitHub is a bit different than our one with GitLab – and because of features like GitHub member synchronization, we need to use a GitHub App rather than an OAuth App.