OpenRewriteGo to app →
Search…
Welcome to Moderne
Getting Started
Quick Start: Running your first recipe
How-to Guides
Creating your own recipes with Builder
Integrating private code with Moderne SaaS
Importing external recipes
Terraform Cloud integration
On-premise agent
🚀
Accessing the Moderne API
Releases
Versions of plugins and agent
References
GitHub permissions
Token management
User roles
Interactions with git when applying changes
Routing requests to agents
How AST artifacts are produced
Docker configuration for agent
Legal
Terms of service
Powered By GitBook
GitHub permissions
Moderne.io uses a GitHub oauth application to perform various actions on your behalf. Below is an explanation of those permissions and how they're uses by Moderne.io.

OAuth Permission

Moderne.io requires a select number of OAuth scopes necessary to help you transform your code.
Permission
Scope
Why do we need this
Repositories (Public)
Read/Write
We use this to create branches, create forks of public projects, and push changesets on your behalf.
Organizations and teams
Read-only
We use this to understand the organizations you belong to and your level of access within them.
Personal user data
Read-only
We use this to recognize your account as a new or returning user. Email and Profile included by default with OpenID Connect through OAuth.
Workflow
Read/Write
Recipes that alter GitHub Action workflow files require this scope to perform write operations.

GitHub OAuth applications vs Github applications

Those familiar with GitHub authentication may wonder why Moderne doesn't use Github apps for authentication instead of OAuth apps, since GitHub apparently favors GitHub apps as a replacement for OAuth apps. The reason Moderne is unable to use GitHub app authentication is because creating a user-owned fork of a public repository using Github app authentication requires
  • The individual user has to install the GitHub app into their personal account (not just an organization they belong to).
  • Permissions administration:read and administration:write must be granted.
  • The GitHub application must be installed with "all repositories" access.
Creating forks of public repositories is an important workflow for Moderne, and we don't believe users will want to grant such permissive access to our application. With GitHub oauth application, all that is necessary is the public_repo scope, which doesn't grant Moderne read and write access to all your private repositories, without restriction.
Releases - Previous
Versions of plugins and agent
Next - References
Token management
Last modified 14h ago
Export as PDF
Copy link
Outline
OAuth Permission
GitHub OAuth applications vs Github applications