SonarQube issue SONAR-12818

GitLab authentication require too much privilege when group sync is disabled


    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      GitLab built-in authentication requires the "api" permission scope by default. This is a high level of permission, needed only when group synchronisation is enabled; otherwise "read_user" is enough.

      Requiring unneeded high-level permissions is a bad practice, and we should restrict the scope of granted permissions as much as possible.

      group synchronisation enabled: require "api" scope
      group synchronisation disabled: require "read_user" scope
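      Added illustration (not SonarQube code, not from the reporter): how a login flow would pick the least-privilege scope from the group-sync setting when building the GitLab OAuth authorization URL, and how to audit an already-issued token for scopes beyond what that mode needs. The function names, the hypothetical client_id / redirect_uri values and the sample token-info document are assumptions constructed for the example; the shape of the sample follows GitLab's /oauth/token/info response, which returns the granted scopes under "scope".

```python
from urllib.parse import urlencode

# Scopes named in the issue: "api" is only needed for group synchronisation,
# "read_user" is enough to identify the user and log them in.
SCOPE_GROUP_SYNC = "api"
SCOPE_LOGIN_ONLY = "read_user"


def required_scope(group_sync_enabled: bool) -> str:
    """Least-privilege GitLab OAuth scope for the login flow."""
    return SCOPE_GROUP_SYNC if group_sync_enabled else SCOPE_LOGIN_ONLY


def authorization_url(gitlab_url: str, client_id: str, redirect_uri: str,
                      state: str, group_sync_enabled: bool) -> str:
    """Build the GitLab /oauth/authorize URL, requesting only the scope needed.

    The scope is chosen from the group-sync setting instead of being
    hard-coded to "api".
    """
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,  # CSRF protection; caller must generate it randomly
        "scope": required_scope(group_sync_enabled),
    }
    return gitlab_url.rstrip("/") + "/oauth/authorize?" + urlencode(params)


def excess_scopes(granted_scopes, group_sync_enabled: bool) -> list:
    """Return the scopes a token carries beyond what this mode needs.

    A non-empty result means the integration holds more privilege than it
    uses, which is the situation the issue describes for the default "api"
    scope when group synchronisation is off.
    """
    needed = {required_scope(group_sync_enabled)}
    return sorted(set(granted_scopes) - needed)


def audit_token_info(token_info: dict, group_sync_enabled: bool) -> list:
    """Audit a GitLab /oauth/token/info document for over-privileged scopes."""
    return excess_scopes(token_info.get("scope", []), group_sync_enabled)


# Constructed sample (assumption): what GitLab's token-info endpoint returns
# for a token that was issued with the default "api" scope.
SAMPLE_TOKEN_INFO = {
    "resource_owner_id": 42,
    "scope": ["api"],
    "expires_in": 7200,
    "application": {"uid": "hypothetical-client-id"},
}

if __name__ == "__main__":
    print(authorization_url("https://gitlab.example.com", "hypothetical-client-id",
                            "https://sonar.example.com/oauth2/callback/gitlab",
                            "random-state", group_sync_enabled=False))
    print("excess scopes with group sync off:",
          audit_token_info(SAMPLE_TOKEN_INFO, group_sync_enabled=False))
```

      Running the audit against a token issued with the default scope while group synchronisation is off reports "api" as excess; the same token with group synchronisation on reports nothing, which matches the two cases listed above.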


            People

            Assignee: Pierre Guillot
            Reporter: Pierre Guillot
            Votes: 0
            Watchers: 2