Right now the app uses GitHub's OAuth sign in (https://docs.github.com/en/apps/oauth-apps/building-oauth-ap...) which unfortunately doesn't allow for fine-grained permissions (it will only have access to organization code if you explicitly grant it). We're switching our sign-in to a GitHub App so we can make the permissions fine-grained.
Yeah, it’s not like this is a SaaS and you’d need back-end access to the repos. I suspect this is being run with business potential in mind. The OP would do better by making that clear. And if you are selling a self-hosted app, just charge a license fee. People on a 100-200/month Claude Code subscription wouldn’t mind paying 10-30 bucks for this.
Are you still using outdated GitHub OAuth apps for this, or have you swapped to GitHub Apps? GitHub Apps are newer and have OAuth flows, but have a fine-grained permissions model instead of the OAuth permission model.
Moreover, can you document the GitHub permissions needed and which GitHub App(s) this tool uses? Are you using device-flow, online OAuth-flow, etc? And where are the OAuth tokens stored if so? Is there any server-side component where you might be storing tokens?
I think they can revoke a certificate, but I don't think these certs need to be signed by Apple to be effective. If they aren't, they probably just show a warning.
We're in Canada, have looked at Braintree and couldn't get a merchant account going either with them or their only partner for Canada. Turned around and looked at Beanstream for Merchant Account + Gateway, so far excellent service and product. Gateway not as neat as Braintree's Transparent Redirect but better than almost anything we've looked at.