/user/userGetCurrent should be always accessible #33583
Labels
type/proposal
The new feature has not been accepted yet but needs to be discussed first.
Comments
AdamMajer
added
the
type/proposal
|
But when you want to give others a token but it can only read repositories or issues, wouldn't it be more strict? |
|
The main concern here is when you have a token, and can read repositories or issues, you don't know which comments are made by the owner of the token. At least not by just having a token. This is somewhat important if you use issue comments as a data store. So, I agree with you that it's more strict, but we don't have separate permission to just read current user data. There's only ability to enable reading all users data. Adding more fine grain control to only read current user data would be more than enough. This is mostly a nit issue and not very important. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Description
The endpoint
/user/userGetCurrentcurrently requires [read:user] scope permissions. Would it make sense to make this universally accessible for all tokens? For example, I do not want access to information about other users or tokens, but just information about current token account.Alternatively, maybe there should be a distinction about getting read permissions to current user vs. read permissions to all users?
Screenshots
No response
The text was updated successfully, but these errors were encountered: