Moderne uses a GitHub OAuth application to perform various actions on your behalf. Below is an explanation of those permissions and how they're used by Moderne.
Moderne requires a select number of OAuth scopes necessary to help you transform your code.
Those familiar with GitHub authentication may wonder why Moderne doesn't use GitHub apps for authentication instead of OAuth apps, since GitHub apparently favors GitHub apps as a replacement for OAuth apps. The reason Moderne is unable to use GitHub app authentication is because creating a user-owned fork of a public repository using Github app authentication requires:
- The individual user to install the GitHub app into their personal account (not just an organization they belong to).
administration:writemust be granted.
- The GitHub application must be installed with "all repositories" access.
Creating forks of public repositories is an important workflow for Moderne, and we don't believe users should need to grant such permissive access to accomplish it. With a GitHub OAuth application, all that is necessary is the
public_reposcope, which doesn't grant Moderne read and write access to all your private repositories without restriction.