[Architecture] GitHub - Restricting third-party application access

Justin Obara obara.justin at gmail.com
Mon Sep 11 14:21:03 UTC 2017

Hi Gio,

I’ve updated fluid-project per your request. fluid-lab seems to already
have restrictions enabled, probably because it was created recently.

( See discussion in fluid-work IRC channel,
https://botbot.me/freenode/fluid-work/2017-09-11/?msg=90950577&page=1 ).


On September 8, 2017 at 10:15:17 AM, Tirloni, Giovanni (gtirloni at ocadu.ca)


Whenever I try to use some application that is integrated with GitHub, it
asks for authorization to use my account.

However, not only it's granted access to my account, it's also granted
access to all organizations I belong to.

This is a bit scary because, if I'm testing some unknown app, I don't want
it with full admin or write access to GPII or the fluid-project

The way to ensure our most important organizations aren't automatically
authorized is to enable "Third-party application access" restrictions on
them. Once this is enabled, users have to be explicit and request access to
that organization separately.

* To enable this, go to the organization > Settings > Third-party access >
Enable restrictions

I'd like to suggest we enable this. It'll make things safer for our main
project and let users experiment with 3rd-party apps without worrying too

Architecture mailing list
Architecture at lists.inclusivedesign.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.idrc.ocad.ca/pipermail/fluid-work/attachments/20170911/dd8f7cc6/attachment.htm>

More information about the fluid-work mailing list