Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Restrict Github API access to only one repository of an user

We have an web application, which lets the user write code and store it in an internal git repository on our server. Now we wanted to allow the user to share his code with his github repository. So we looked through the api documentation of github and found a way via ouath2. However to make this work, we need to request write access from the user, but github oauth access scopes only include write access to all repository of an user, which is way too much for us.

Is it possible to restrict an api access for only one specific repository of an user?

like image 407
jume Avatar asked Oct 31 '22 02:10

jume


1 Answers

As per jasonrudolph comment, it is not currently possible to restrict API access to a specific repository.

Deploy keys are the closest thing that provides this type of functionality. (This won't help you from an API perspective, but a deploy key might meet your underlying need.) If your application were to generate an public/private SSH keypair, and the user were to add the public key as a deploy key in the repository, then you could use the private key to access just that one repository (without having access to the user's other repositories).

like image 108
2 revs Avatar answered Nov 15 '22 05:11

2 revs