I have successfully set up a hugo blog, deployed on Netlify and using Netlify-CMS.
To log in to the admin interface of the blog and create/edit posts, users log in with their Github account.
But to log in, users need to grant the application full access to their Github private and public repos, which is not something acceptable for some users.
After having logged in, I can effectively see it in my Github settings → Applications → Authorized OAuth Apps.
I would like to give the Oauth application only access to the repo containing the blog. I searched through the documentation, but could not understand where I need to do it and how.
Unfortunately, it's not possible due to limitations of the GitHub OAuth API. More info here:
opened 04:14PM - 17 Sep 20 UTC
area: extensions/backends
pinned
**Describe the bug**
We want to keep a static site project in a private github repo inside our organization and use netlify-cms for content management. However, the OAuth backend requires full read/write access to all repos of that organization and a more fine-grained selection of grants is not possible.
**To Reproduce**
1. Create a new private repo inside a github organization with restrictive access (i.e. _organization settings_ → _third-party access_ → _policy = access restricted_)
2. Set up a Hugo/GatsbyJS/... site with netlify-cms in that repo [as described in the guide](https://www.netlifycms.org/docs/gatsby/)
3. Configure the `github` backend for netlify-cms
4. Deploy site on Netlify
5. Create an OAuth2 app for Github authentication [as described here](https://docs.netlify.com/visitor-access/oauth-provider-tokens/#setup-and-settings)
6. Visit the site's netlify-cms backend and click _Login with Github_
**Expected behavior**
One would expect that it's possible to restrict netlify-cms access to only the relevant repositories (just like it's possible when setting up a Netlify site from Github).
**Screenshots**
![Screenshot from 2020-09-17 17-39-35](https://user-images.githubusercontent.com/1295945/93495753-c220a880-f90e-11ea-86b3-2eae544ce1e2.png)
**Applicable Versions:**
- Netlify CMS version: netlify-cms-app 2.12.22 / netlify-cms-core 2.30.6
- Git provider: GitHub
- Browser/OS: Chromium Version 85.0.4183.102 (Official Build) Arch Linux (64-bit)
- Node.JS version: node v14.10.1 / npm 6.14.3
**CMS configuration**
```yml
backend:
  name: github
  repo: my-org/my-repo
  branch: master
media_folder: static/img
public_folder: /img
collections:
  - name: 'blog'
    label: 'Blog'
    folder: 'content/blog'
    create: true
    slug: 'index'
    media_folder: ''
    public_folder: ''
    path: '{{title}}/index'
    editor:
      preview: false
    fields:
      - { label: 'Title', name: 'title', widget: 'string' }
      - { label: 'Publish Date', name: 'date', widget: 'datetime' }
      - { label: 'Description', name: 'description', widget: 'string' }
      - { label: 'Body', name: 'body', widget: 'markdown' }
```
**Additional context**
I am aware that this issue might not be directly related to netlify-cms but to either the Netlify API or the Github OAuth API. Please let me know if I should report this upstream instead, thanks!
Our current workaround is creating a separate Github organization with a single private repo and granting the Netlify Auth Service full access to this organization.