Use read:org scope instead of user for accessing orgs

https://github.com/simonw/datasette-auth-github/blob/31405aad01381190fccefdf675fd24d11232fa9f/datasette_auth_github/views.py#L19-L24

`user` scope is actually quite frightening - it allows write access to the user profile! `read:org` should work just as well here.

	if config.get("load_teams"):
	scope = "read:org"
	elif config.get("load_orgs"):
	scope = "user"
	else:
	scope = "user:email"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Use read:org scope instead of user for accessing orgs #73

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Use read:org scope instead of user for accessing orgs #73

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions