Have you ever been on an interesting site and were about to create an account, but then decided not to after finding out that the site only accepts Login with Facebook, Twitter, etc?
Granting sites my login information is always too much for me. Having full control over a social profile is just too much of a risk for me. I don’t feel I would be in control of my account anymore.
As the founder of Amezmo, I made a huge mistake. I required GitHub access in order to use the Amezmo platform. And the GH access the system requests is very broad with terms such as “Full control of private repos”.
I spoke with a person that was interested in trying out Amezmo, but would not agree to the GitHub permission request. And as a developer, I completely understand. It’s just too much to ask for. But, would providing Amezmo’s service offering be possible without request GitHub access?
The answer is: Yes, it is possible, and the new way is better than the previous way. Now, Amezmo has implemented a new permission request flow based off of GitHub Apps. In the new way, customers may grant Amezmo permissions for a repository of their choice. No longer will we need full GitHub access. You may pick and choose which repositories you’d like to use with Amezmo.
But this isn’t even the part I’m most excited about. The most exciting part is that Amezmo does not need to control your Deploy Keys on GitHub any longer. You control your Deploy Keys, and Amezmo does not request permission to add, or delete new keys. We simply require that you manually add the public key that you get when you launch an instance.
You, and only you control Amezmo’s read-only access to your repo. At any time, you may revoke access and there is nothing Amezmo can do. This is a great thing because it keeps you a developer in control, and allows Amezmo to follow the principle of least privilege.
Here at Amezmo, I make sure that developers that want to use Amezmo are happy. I’m on a mission to make the best hosting platform for PHP applications.