[Suggestion] Limit GitHub authorization scope to selected repositories instead of all public repos

[b1tg]

First of all, Tinymind is a fantastic tool.

I've noticed an area where I believe we could enhance user privacy and security: When logging in with GitHub, users need to authorize Tinymind to access all of their public GitHub repositories, which seems unnecessary. Could we limit the access to selected repositories instead?

[mazzzystar]

Hi I've tried to give permission to only "create repo" and "modify that repo", but I found I can't do that because when auth user didn't have that repo.

Any good ideas for this part?

tinymind/lib/auth.ts

Lines 27 to 38 in d1a8745

	export const authOptions: NextAuthOptions = {
	providers: [
	GithubProvider({
	clientId: process.env.GITHUB_ID!,
	clientSecret: process.env.GITHUB_SECRET!,
	authorization: {
	params: {
	scope: 'public_repo workflow'
	}
	}
	}),
	],

[b1tg]

Sorry, I don't have the experience debugging GitHub authentication processes, but when i use hashnode.com 's Back up to Github (accessible via Dashboard -> GitHub -> GitHub integration), it only asks for single repo access, which might be helpful.

[mazzzystar]

Thank you, I will try out later.