Support a read-only scope for API access for OAuth applications
Problem to solve
Currently, there is only one API scope for OAuth applications: full read/write access to the API. There are use cases for allowing only read access, which is not currently supported.
Intended users
Security engineer - makes their job easier because third-party OAuth applications can request only read access and do not get the ability to write data to the GitLab instance.
Further details
Sourcegraph can be installed as an OAuth application in GitLab. It requires that the user grant it the api permission scope, which currently grants full read/write access. Sourcegraph does not need write functionality, but there is no option to request a read-only scope, so users are forced to grant both read and write access. Adding a read-only scope would allow Sourcegraph to ask for a smaller permission set, making it easier to roll out to sensitive GitLab instances.
Proposal
Add a new API scope called api-read-only that grants full read access to the API, but no write access.
What is the type of buyer?
Enterprise buyers would benefit from this.
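
The proposed split between the api and api-read-only scopes could be enforced per request along these lines. This is an added sketch, not GitLab's code: only the two scope names come from the proposal, while `authorize_request`, the `Decision` struct, and the rule that read access means GET, HEAD and OPTIONS are assumptions made for illustration.

```ruby
# Added illustration, not GitLab code. Scope names "api" and "api-read-only"
# come from the proposal; every other name here is hypothetical.
require "set"

SAFE_METHODS  = Set["GET", "HEAD", "OPTIONS"].freeze
WRITE_METHODS = Set["POST", "PUT", "PATCH", "DELETE"].freeze
KNOWN_METHODS = (SAFE_METHODS | WRITE_METHODS).freeze

# Methods each scope permits. A scope missing from this table grants nothing,
# so an unrecognized scope can never widen access (deny by default).
SCOPE_METHODS = {
  "api"           => KNOWN_METHODS,
  "api-read-only" => SAFE_METHODS
}.freeze

Decision = Struct.new(:allowed, :reason)

# token_scopes: scopes granted to the OAuth token (assumed to be an array of strings).
# http_method:  request method as received by the API.
def authorize_request(token_scopes, http_method)
  method = http_method.to_s.upcase
  unless KNOWN_METHODS.include?(method)
    return Decision.new(false, "unrecognized method #{method.inspect}")
  end

  scopes = Array(token_scopes).map(&:to_s)
  granting = scopes.find { |s| SCOPE_METHODS.fetch(s, Set.new).include?(method) }
  if granting
    Decision.new(true, "#{method} permitted by scope #{granting}")
  else
    Decision.new(false, "#{method} not permitted by scopes #{scopes.inspect}")
  end
end

# Constructed sample requests showing the read-only token being refused writes.
[
  [["api-read-only"], "GET"],
  [["api-read-only"], "POST"],
  [["api"], "DELETE"],
  [["unknown-scope"], "GET"]
].each do |scopes, verb|
  d = authorize_request(scopes, verb)
  puts format("%-20s %-7s %-5s %s", scopes.join(","), verb, d.allowed ? "ALLOW" : "DENY", d.reason)
end
```

A method-based rule like this only holds if no GET endpoint changes state; any endpoint that does would need its own write-scope check.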