reduce oauth permission scopes

Signed-off-by: Kaxada <[email protected]>
badging · Oct 11, 2024 · 8fccf48 · 8fccf48
1 parent 247e247
commit 8fccf48
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/providers/github/auth.js b/providers/github/auth.js
@@ -33,15 +33,15 @@ const githubAuth = (req, res) => {
   }
 
   if (type === "event-badging") {
-    const scopes = ["repo"];
+    const scopes = ["public_repo"];
     const encryptedFormData = encrypt(JSON.stringify(req.body));
     const url = `https://github.com/login/oauth/authorize?client_id=${
       process.env.GITHUB_AUTH_CLIENT_ID
     }&scope=${scopes.join(",")}&state=${encryptedFormData}`;
 
     res.send({ authorizationLink: url });
   } else {
-    const scopes = ["user", "repo"];
+    const scopes = ["user", "public_repo"];
     const url = `https://github.com/login/oauth/authorize?client_id=${
       process.env.GITHUB_AUTH_CLIENT_ID
     }&scope=${scopes.join(",")}`;