GitHub supports using fine-grained access tokens for committing and accessing the API. These allow you to restrict the scope of the token to a specific repository and can help limit the impact if a token is compromised.
We currently have fine-grained access tokens disabled for our Organization on GitHub, but I would like to turn them on so people can start using them. I think eventually we may want to require these for access to our org, but for now they will be optional.
Any objections to doing this? If not I’ll try to enable them next week.
No objections. I can’t see any downside to have them enabled.
IDK if it’s related, but today I tried to use reviewable again and it didn’t work.
Note that I used it once some time ago, without any problems.
Now, it prints an error message like this when I want to submit my review:
Failed to publish: GitHub error 403 on POST https://api.github.com/repos/llvm/llvm-project/pulls/78315/reviews: Although you appear to have the correct authorization credentials, the llvm organization has enabled OAuth App access restrictions, meaning that data access to third-parties is limited. For more information on these restrictions, including how to enable this app, visit https://docs.github.com/articles/restricting-access-to-your-organization-s-data/
Could it be related?
In my GitHub settings, on the “Authorized OAuth Apps” tab, after selecting “Reviewable” I have this:
It’s not related, because I haven’t made the config change yet. Do you remember the approximate date the last time it worked?
I can’t recall. It must have been sometime before the holidays. It could be that I simply don’t remember correctly and I never actually published anything using that app, thus hiding this error message.
@beanz is working on the policy to allow third-party apps to access project-wide information (including e.g. emails of users). It is disabled until the policy is established and the privacy policies of the apps are reviewed for compliance.
I have enabled this for the llvm organization now. I would encourage everyone to use fine-grained access tokens from now on, especially if you belong to multiple organizations on GitHub. If you run into any issues with this, let me know.
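As an added example (not from this thread or from LLVM's tooling), a small audit script for the distinction the first and last posts draw between classic and fine-grained tokens: it uses the documented token prefixes (`ghp_` classic, `github_pat_` fine-grained) and the `X-OAuth-Scopes` response header that GitHub sends only for classic tokens, and flags org-wide scopes that a fine-grained token would have confined to one repository. The `BROAD_CLASSIC_SCOPES` set and the `GITHUB_TOKEN` environment variable are assumptions of this example.

```python
"""Audit a GitHub personal access token: fine-grained or classic, and how broad?"""
import os
import urllib.request

# Assumption: classic scopes we consider too broad for day-to-day use in a multi-org account.
BROAD_CLASSIC_SCOPES = {"repo", "admin:org", "workflow", "write:packages", "delete_repo"}


def classify_token(token: str) -> str:
    """Classify by GitHub's documented token prefixes; anything else is 'unknown'."""
    if token.startswith("github_pat_"):
        return "fine-grained"
    if token.startswith("ghp_"):
        return "classic"
    return "unknown"


def audit(token: str, headers: dict) -> dict:
    """Combine the prefix check with the X-OAuth-Scopes header (classic tokens only).

    Fine-grained tokens carry per-repository permissions instead of scopes, so the
    header is absent for them and the scope list comes back empty.
    """
    kind = classify_token(token)
    lowered = {k.lower(): v for k, v in headers.items()}      # HTTP header names are case-insensitive
    scopes = {s.strip() for s in (lowered.get("x-oauth-scopes") or "").split(",") if s.strip()}
    broad = sorted(scopes & BROAD_CLASSIC_SCOPES)
    return {
        "kind": kind,
        "scopes": sorted(scopes),
        "broad_scopes": broad,
        "recommend_fine_grained": kind != "fine-grained",
    }


def fetch_headers(token: str) -> dict:
    """Live check (needs network): GET /user returns the scope headers for a classic token."""
    req = urllib.request.Request(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/vnd.github+json"},
    )
    with urllib.request.urlopen(req) as resp:
        return dict(resp.headers)


if __name__ == "__main__":
    tok = os.environ.get("GITHUB_TOKEN", "")                  # assumption: token supplied via env var
    print(audit(tok, fetch_headers(tok) if tok else {}))
```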