fluxcd / go-git-providers

Git provider client for Go

Home Page: https://fluxcd.io

Add a way to check whether token permissions are sufficient for a given operation

yiannistri opened this issue

It would be good to have a way to validate that a token has all the right permissions, i.e. repo and admin:org, before it's used.

For GitHub: a response header X-OAuth-Scopes is returned that includes the current scopes: https://docs.github.com/en/developers/apps/scopes-for-oauth-apps

For GitLab: an API call should return the current scopes: https://docs.gitlab.com/ce/api/personal_access_tokens.html

Turns out that GitLab does not support an easy way to get the scopes of the current token. The above endpoint is not available in all flavours of GitLab and also it enumerates all the available tokens as opposed to the current one being used.

We can't restrict the use of this library to GitLab Ultimate; I propose we don't implement the permission check for GitLab.

OK, I'll wait until the GitLab PR gets merged before I implement the method to return an ErrNoProviderSupport.
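The GitHub check described in the opening post, as an added example that is not part of the issue thread or of go-git-providers: it reads X-OAuth-Scopes from one authenticated response and reports which required scopes are absent. MissingScopes, CheckToken and demo are hypothetical names, and the local httptest server is a constructed stand-in for the GitHub API.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// MissingScopes (hypothetical) returns required scopes absent from an X-OAuth-Scopes value.
func MissingScopes(header string, required []string) (missing []string) {
	granted := map[string]bool{}
	for _, s := range strings.Split(header, ",") {
		granted[strings.TrimSpace(s)] = true
	}
	for _, r := range required {
		if !granted[r] {
			missing = append(missing, r)
		}
	}
	return missing
}

// CheckToken (hypothetical) makes one authenticated GET and reports the scopes the token lacks.
func CheckToken(c *http.Client, apiURL, token string, required []string) ([]string, error) {
	req, err := http.NewRequest(http.MethodGet, apiURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("scope check request failed: %s", resp.Status)
	}
	return MissingScopes(resp.Header.Get("X-OAuth-Scopes"), required), nil
}

// demo runs CheckToken against a constructed local stand-in for the API (offline).
func demo(scopes string, required []string) ([]string, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("X-OAuth-Scopes", scopes)
	}))
	defer srv.Close()
	return CheckToken(srv.Client(), srv.URL, "constructed-token", required)
}
func main() { fmt.Println(demo("repo, read:org", []string{"repo", "admin:org"})) }
```

Matching is exact, so a token holding only a parent scope is reported as lacking its child scopes, and a response without the header reports every required scope as missing.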