Newsgroups: php.internals
Message-ID: <7e5adb4b-4862-bc11-7f57-4b6c466b2704@bastelstu.be>
Date: Wed, 15 Jun 2022 17:48:27 +0200
To: PHP internals
Subject: Enable OAuth application allow-list for 'php' GitHub Organization
From: tim@bastelstu.be
(Tim Düsterhus)

Hi Folks

While authorizing a new OAuth app for my GitHub account I noticed that the 'php' organization is one of the few that does not have the OAuth "allowed application list" feature enabled that requires explicit approval by an organization owner before an OAuth app is allowed to access private resources within the organization (that includes write access to the repositories).

While I trust the OAuth applications I approve for my repositories, I don't necessarily trust them with the PHP organization's resources.

This allow-list was later added by GitHub and I assume the PHP organization predates its introduction. It is enabled by default for any newly created GitHub Organization.

An organization owner can enable the allow-list here:

https://github.com/organizations/php/settings/oauth_application_policy

and I would recommend doing so. Documentation is

https://docs.github.com/en/organizations/restricting-access-to-your-organizations-data/about-oauth-app-access-restrictions

After this allow-list is enabled, an owner can grant the existing intentionally added apps (e.g. Travis, Cirrus or AppVeyor) access via their own list of authorized applications at:

https://github.com/settings/applications

a) Click the headline of the application in question.
b) For the 'php' organization click 'Grant'.

Non-owner requests can then later be managed at:

https://github.com/organizations/php/settings/oauth_application_policy

Best regards
Tim Düsterhus