Reducing required permissions of our main GitHub App

polarsource

This is only relevant for users who have installed the Polar GitHub App, not for users who have only signed up with their GitHub account (OAuth).

The Polar GitHub App no longer requires administration permissions 🔒✅

You can now install the app to highlight repositories, enable crowdfunding for issues and more to come - all without granting this sensitive permission. We have also dropped the permission from existing installations that had granted it. No action is required on your side.

Administration permission is still required to offer access to private GitHub repositories as a subscription benefit, which enables everything from early access programs, sponsorware and open core models to pure software sales.

However, it's now requested via a separate & dedicated GitHub App instead and only if and when you enable this feature specifically.


Backstory

On February 7th, we launched the feature to offer access to select private GitHub repositories as a subscription benefit. It automatically grants access to your eligible Polar subscribers and revokes it when they unsubscribe.

GitHub requires the administration permission to make such API calls.

Ideally, we would have been able to request this scope incrementally only once you enabled this feature. Unfortunately, that's not supported by GitHub for GitHub Apps – they have fixed permissions set upfront. See our community feature request for more details.

Therefore, we chose to extend the permission of our GitHub App to support this new feature, knowing that existing users with our GitHub App installed would be notified and could choose to opt in or retain their prior permissions.

Why the change?

We aim to introduce a lot more great features leveraging the GitHub API, features we believe a lot of developers on Polar would benefit from. It's not desirable to require administration privileges if it's not absolutely needed, and we can't expect incremental scopes to be introduced in the near term.

So although this is a more complex technical solution to offer and maintain, it's worth it for the future: users can feel comfortable installing the main GitHub App, and we can isolate administration privileges to the feature that requires it and to those using it.

Do I need to do anything?

Don't have the GitHub App installed?

None of this impacts you. There are just fewer permissions for you to grant once you do decide to install our GitHub App.

Didn't offer this subscription benefit, but had our GitHub App installed?

No action required. We've already removed the permission from GitHub, which automatically revokes this access directly.

Offering this subscription benefit?

We've sent you an email with instructions on how to migrate to the new GitHub App for the benefit. Rest assured, existing subscribers are unaffected.


We're glad to have made this change to support future expansion without requiring administration permissions for all use cases unnecessarily. If you have any questions or concerns, don't hesitate to reach out to us.

All our best,

The Polar Team