by davetron5000 679 days ago
It wants to act on GitHub on my behalf. Not clear why I should allow it to do that, especially when the only info about this app that is presented is that it will store my data on GCP.

Can you modify your OAuth request to only ask for what permissions you need and/or itemize out what the app is going to do on my behalf?

1 comments

Totally fair - I'll look into removing that because we don't need it. But fwiw we don't act on your behalf, we just pull data about PRs/reviews!

Thanks for the feedback :)

It's worth mentioning that GitHub only allows us to act on your behalf in repos you install the app in. But when you install the app you'll see it's only requesting read permissions to metadata => it can't take any actions, either by itself or on your behalf.

So tbh I think that bit of UI is a little deceptive because in practice we can't actually do anything with just an authorization but no installation. Relevant docs: https://docs.github.com/en/apps/using-github-apps/authorizin....

Still very useful feedback though!