undefined | Better HN

0 pointsmunchler3mo ago0 comments

That's good to know, but I would still suggest an on-ramp that only uses GitHub for authentication (i.e. no permissions needed). To that end, it would be nice if I could also authenticate with other OAuth providers instead, like Google, etc.

Again, I understand that this would limit me to scanning public repos, but that would be fine.

0 comments

drob3mo ago

Other auth providers for sure. We'll be adding shortly.

Using an alternate auth provider won't even prevent you from scanning non-public GitHub code. There's a GitHub OAuth App just for auth (which is what you're seeing here), and a separate GitHub App that you need to install either way to give Detail access to the right repos. We can swap out the former for Google/Okta/pw if you want to avoid this warning. GitHub Apps (the half that manages repo access) have a much finer grained permissions model.

j / k navigate · click thread line to collapse

0 pointsmunchler3mo ago0 comments

Again, I understand that this would limit me to scanning public repos, but that would be fine.

0 comments

drob3mo ago

Other auth providers for sure. We'll be adding shortly.

j / k navigate · click thread line to collapse