GitHub login asks for access to my private repos?!

Hey :slight_smile:

I tried to login via GitHub, but I have to agree to share my private repos with this site ?? What is this needed for? I see no scenario in which I want to share my private repos with a forum (they are private for a reason!).

Can you please elaborate (or remove this permission)?

Cheers
Fred

2 Likes

For my part I didn’t allowed that. It’s so crazy their team ask for full repo access, allowing even for pushing, merging…etc without a notice on the reason why!

I typically just use username and password when logging in. Unfortunately, we at Ionic have no control over which permissions are requested via the GitHub Social login feature; out-of-the-box. If you are concerned about sharing this information, then the use of traditional login methods is encouraged.

Unfortunately, we at Ionic have no control over which permissions are requested via the GitHub Social login feature; out-of-the-box.

I’m not sure this is true. I implemented GitHub SSO for a website and as you clan see it only asks for minimal information:

This GitHub login confusion is a very weird and off putting first experience with Ionic, which I was seriously considering for a project for my company. I mean this as friendly feedback so that you don’t dissuade other potential users of your technically great product for silly reasons.

The Ionic Account creation logic is centralized since it’s used in multiple places.
One of the places is Appflow, where it needs repo access for building your apps, so that’s why the GitHub OAuth ask for repo access, and the GitHub repo access doesn’t allow a fine grained repo access like asking for a single repository or for public repositories only, it ask for access to all repositories, included private repositories.

Of course, with some of work it can probably be reworked to follow different flows depending on where the account is being created from and ask for the repo access only if being created from Appflow or other places where it needs repo access.

Note that even in Appflow, we never store a copy of your source code on our servers. With web and native builds, we spin up a new virtual machine for each build, make a copy of the code in order to build it, then destroy the VM after the build is complete.