Add a way to check whether token permissions are sufficient for a given operation
yiannistri opened this issue · comments
It would be good to have a way to validate that a token has all the right permissions, i.e. repo and admin:org, before it's used.
For GitHub: a response header X-OAuth-Scopes is returned that includes the current scopes https://docs.github.com/en/developers/apps/scopes-for-oauth-apps
For GitLab: an API call should return the current scopes https://docs.gitlab.com/ce/api/personal_access_tokens.html
Turns out that GitLab does not support an easy way to get the scopes of the current token. The above endpoint is not available in all flavours of GitLab and also it enumerates all the available tokens as opposed to the current one being used.
We can't restrict the use of this library to GitLab Ultimate; I propose we don't implement the permission check for GitLab.
Ok I'll wait until the GitLab PR gets merged before I implement the method to return an ErrNoProviderSupport.
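The GitHub check proposed in the issue, as an added example that is not code from this thread or from the library: it reads the X-OAuth-Scopes header from one authenticated response and reports which required scopes are absent. `MissingScopes`, `CheckToken` and `ErrScopesUnknown` are hypothetical names, the server is a constructed local stub, the `token` Authorization scheme is an assumption, and scopes are matched by exact name only.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)
var ErrScopesUnknown = errors.New("no X-OAuth-Scopes header in response") // hypothetical name
// MissingScopes returns the required scopes that the header values do not list (exact match).
func MissingScopes(values []string, required ...string) ([]string, error) {
	if len(values) == 0 {
		return nil, ErrScopesUnknown // cannot tell: do not treat the token as sufficient
	}
	granted := map[string]bool{}
	for _, s := range strings.Split(strings.Join(values, ","), ",") {
		granted[strings.TrimSpace(s)] = true
	}
	var missing []string
	for _, r := range required {
		if !granted[r] {
			missing = append(missing, r)
		}
	}
	return missing, nil
}

// CheckToken makes one authenticated GET and checks the scopes on the response.
func CheckToken(c *http.Client, apiURL, token string, required ...string) ([]string, error) {
	req, err := http.NewRequest(http.MethodGet, apiURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "token "+token)
	resp, err := c.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return MissingScopes(resp.Header.Values("X-OAuth-Scopes"), required...)
}

func main() { // the server below is a constructed stub, not the real provider API
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("X-OAuth-Scopes", "repo, read:org")
	}))
	defer srv.Close()
	fmt.Println(CheckToken(srv.Client(), srv.URL, "constructed-token", "repo", "admin:org"))
}
```

A response with no header at all is returned as an error rather than as an empty missing list, so a caller cannot mistake "unknown" for "sufficient".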