GitHub API Authentication Updates

At Solano Labs, we believe that a seamless integration between our service and our customers’ tools provides the best user experience. Many of our customers today use GitHub and have connected a GitHub account with their Tddium account using OAuth.

We take the security of our customers’ code very seriously, and we’re making some important changes to our GitHub OAuth integration that should give you much finer-grained control over the privileges you give Tddium to operate on your GitHub account.

What we do now
Our current GitHub OAuth functionality requests nearly complete permissions to your GitHub account (“user,repo” scope in GitHub’s API terminology). Tddium requests these privileges so that it can fully automate the setup of the CI workflow (commit hooks, deploy keys, and keys to install private dependencies). Our updated GitHub integration allows for multiple privilege levels so that you can make a tradeoff between permissions and automated setup.

In the next week or so
we’ll roll out changes that will:

  • Allow basic Single-Sign-On with no GitHub API access otherwise.
  • Let you choose between 3 privilege levels that allow Tddium to:
    1. post commit status to update pull requests (for public and private repos)
      (“repo:status” scope)
    2. automate CI webhooks and deploy keys for public repos
      (“repo:status,public_repo” scope)
    3. automate CI webhooks and deploy keys for public and private repos
      (“repo” scope)
  • Give instructions on creating bot GitHub users to allow your builds to pull dependencies installed from private GitHub repos.

If you have already linked your GitHub account, it will continue to be linked, and will give Tddium the current high level of permissions. After the rollout, you’ll be able to easily edit Tddium’s permissions on your GitHub account on your User Settings page.

We look forward to your feedback at


The Solano Labs Team

