[Architecture] GitHub - Restricting third-party application access
steve at opendirective.com
Sat Sep 9 06:12:18 UTC 2017
Thanks Giovanni - that's a generally useful tip too!
On 8 September 2017 at 15:14, Tirloni, Giovanni <gtirloni at ocadu.ca> wrote:
> Whenever I try to use some application that is integrated with GitHub, it asks for authorization to use my account.
> However, not only it's granted access to my account, it's also granted access to all organizations I belong to.
> This is a bit scary because, if I'm testing some unknown app, I don't want it with full admin or write access to GPII or the fluid-project organizations.
> The way to ensure our most important organizations aren't automatically authorized is to enable "Third-party application access" restrictions on them. Once this is enabled, users have to be explicit and request access to that organization separately.
> * To enable this, go to the organization > Settings > Third-party access > Enable restrictions
> I'd like to suggest we enable this. It'll make things safer for our main project and let users experiment with 3rd-party apps without worrying too much.
> Architecture mailing list
> Architecture at lists.inclusivedesign.ca
More information about the fluid-work