Trying to use GitLab to authrorize (with OAuth2) it for the Discourse forum (tested with forum.gitlab.com itself) I’ve got the following authorization request:
Authorization required Authorize forum.gitlab.com to use your account? This application will be able to: Access your API
Some questions sprang to my mind:
- “Access your API” - API access just to create an user in a discussion forum?
- What does it exactly mean? RW access to create/read/delete projects (no link/popup with any explanation)?
It’s somehow scary for people caring about permissions and 3rd-party applications access.
On the other hand if GitHub is used there is just a request to read personal data (a name and an email address).
Is it just the forum misconfiguration or GitLab for the time being doesn’t offer more granular permission scope (which could be probably enhanced in the future)?