GitHub import + OAuth: OAuth auth method doesn't allow import of collaborators
As our docs state, the repo scope is needed for GitHub imports. And if you want to import collaborators, you need the read:org scope as well.
If a user is authenticating their import with a personal access token from GitHub, selecting these scopes is done manually.
If a user wants to use OAuth to authenticate their import, which may be beneficial for rate limiting reasons, the token is obtained via an OAuth flow with hard-coded scopes. The code that does this is in app/controllers/concerns/import/github_oauth.rb.
Right now, the hard-coded scopes requested are 'repo, user, user:email'.
As far as I can tell, the scopes were added here but there is no conversation in that MR about why all 3 were added when we just need repo.
In addition, if someone wants to import collaborators, we should add the read:org scope.
The workaround right now is to use a PAT instead of OAuth to authenticate a GitHub import.
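
The scope gap described in this issue, as an added Ruby example (not GitLab's code): it audits a comma-separated scope list, such as the hard-coded string above or the X-OAuth-Scopes header GitHub returns, against what each import feature needs. The method names and the `REQUIRED`/`IMPLIED` tables are assumptions for illustration; the parent/child relationships follow GitHub's documented scope hierarchy.

```ruby
# Added example, not GitLab code. Required scopes are the ones named in the
# issue; IMPLIED reflects GitHub's documented OAuth scope hierarchy.
require 'set'

# A granted parent scope also grants its children.
IMPLIED = {
  'user'      => %w[read:user user:email user:follow],
  'admin:org' => %w[write:org read:org],
  'write:org' => %w[read:org]
}.freeze

# Per the issue: repo for imports, plus read:org to import collaborators.
REQUIRED = {
  import:        %w[repo],
  collaborators: %w[repo read:org]
}.freeze

# Parse a comma-separated scope list into a Set, tolerating stray spaces.
def parse_scopes(raw)
  raw.to_s.split(',').map(&:strip).reject(&:empty?).to_set
end

# Expand the granted scopes with everything they imply.
def effective_scopes(granted)
  granted.each_with_object(granted.dup) do |scope, all|
    all.merge(IMPLIED.fetch(scope, []))
  end
end

# missing:   required scopes the token does not cover (feature will fail)
# redundant: granted scopes already implied by another granted scope
# excess:    granted scopes the feature does not need (least-privilege gap)
def audit(raw, feature)
  granted   = parse_scopes(raw)
  effective = effective_scopes(granted)
  needed    = REQUIRED.fetch(feature)
  {
    missing:   needed.reject { |s| effective.include?(s) },
    redundant: granted.select { |s|
      granted.any? { |p| p != s && IMPLIED.fetch(p, []).include?(s) }
    }.to_a,
    excess:    granted.reject { |s| needed.include?(s) }.to_a
  }
end
```

Calling `audit('repo, user, user:email', :collaborators)` reports read:org as missing, user:email as redundant (already covered by user), and both user scopes as excess.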