Thanks for the questions - totally understand the concern, and sorry for not conveying this more clearly upfront.
We ask for permission to manage your contacts so that you can easily invite co-workers to your project on Awesomebox.
We ask for permission to access your repositories on Github so that, for the repositories you choose, we can automatically update Awesomebox when you push new code.
Unfortunately, Github's permission model is "all-or-nothing" - we wish we could let you grant us access only to a specific repository, but it's not currently possible via Github's API.
If you'd prefer not to connect your Github or Google accounts, you can also signup with an email address and try using Awesomebox on an example project.
This question needs to be answered. It is NOT ok for apps like this to request blanket access to manage our contacts with no explanation. Edit: Thanks for the explanation.
Completely agree - our apologies for not making this explicit. See my answer above for why we ask for the permissions we do.
Part of the challenge is that, during the auth dialog, there's no way for us to explain why we're asking for permissions. This is true across every oAuth identity provider I've done integrations with - they don't give you a way to explain why you ask for something like "Manage Contacts".
For that reason, when we ask you to connect to Github, directly below the button we link to a page about security (right now only visible to logged in users, sorry about that):
We ask for permission to manage your contacts so that you can easily invite co-workers to your project on Awesomebox.
We ask for permission to access your repositories on Github so that, for the repositories you choose, we can automatically update Awesomebox when you push new code.
Unfortunately, Github's permission model is "all-or-nothing" - we wish we could let you grant us access only to a specific repository, but it's not currently possible via Github's API.
If you'd prefer not to connect your Github or Google accounts, you can also signup with an email address and try using Awesomebox on an example project.
Does that help answer your question?