The following text describes the permissions requested by a third party which wants to use GitLab authentication:
- Read the authenticated user’s personal information
Grants read-only access to the authenticated user’s profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
- Access the authenticated user’s API
Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.
Does that mean the 3rd party will have read/write access to my repos? This is the part which seems to indicate that: “Grants complete read/write access to the API, including all groups and projects…”