Forum Discussion

dw-davecare's avatar
dw-davecare
Regular Visitor
12 months ago

SwaggerHub-GitHub Integration with Fine-Grained Access Tokens

The SwaggerHub GitHub Integration is an incredibly useful feature for maintaining OpenAPI definitions in a GitHub Repository when developing using SwaggerHub.

At present, the integration only supports the classic form of personal access tokens. This form has the drawback of requiring the repo scope, which grants full access to all repositories. This is acceptable for personal use, but is not acceptable ( to our security team at least) within a GitHub enterprise organization with many repositories and users.

 

A potential solution could be the use of Fine-Grained Access Tokens, which GitHub released last year to improve this area. This form of the tokens can be issued specifically for one repository and have other security advantages as well.

 

In summary, I do understand that this form of access tokens isn't supported in the current integration.  However before I raise a feature request, I thought to ask this forum to see if others have encountered this issue.   If so, are there any alternative workarounds that I could consider?

No RepliesBe the first to reply