GitHub - Restricting third-party application access
gtirloni at ocadu.ca
Fri Sep 8 14:14:57 UTC 2017
Whenever I try to use some application that is integrated with GitHub, it asks for authorization to use my account.
However, not only it's granted access to my account, it's also granted access to all organizations I belong to.
This is a bit scary because, if I'm testing some unknown app, I don't want it with full admin or write access to GPII or the fluid-project organizations.
The way to ensure our most important organizations aren't automatically authorized is to enable "Third-party application access" restrictions on them. Once this is enabled, users have to be explicit and request access to that organization separately.
* To enable this, go to the organization > Settings > Third-party access > Enable restrictions
I'd like to suggest we enable this. It'll make things safer for our main project and let users experiment with 3rd-party apps without worrying too much.
More information about the fluid-work