I have successfully set up a hugo blog, deployed on Netlify and using Netlify-CMS.
To log in to the admin interface of the blog and create/edit posts, users log in with their Github account.
But to log in, users need to grant the application full access to their Github private and public repos, which is not something acceptable for some users.
After having logged in, I can effectively see it in my Github settings → Applications → Authorized OAuth Apps.
I would like to give the Oauth application only access to the repo containing the blog. I searched through the documentation, but could not understand where I need to do it and how.