We have two levels of authentication with GitHub, one for participation and creation of chat rooms for public repositories, and one for private repositories.
When granting Gitter access to GitHub, we request the following capabilities
- Read Email. This is to notify you of new messages and rooms by email. You can easily unsubscribe to these notifications either from the emails or in Notification Settings.
- Organisation & Team. This allows you to create rooms from any of your *public* repositories in organisations you are part of; all it really enables is for us to list the organisations you are part of. We also list your fellow organisation members when creating these rooms so you can easily add or invite them to the room, but we are unable to read any personal information for them other than what is public on GitHub.
Other than a short-lived in-memory cache for performance reasons, none of your GitHub data is stored.
If you want to create chat rooms for private repositories, and inherit all of the permissions from GitHub, you need to grant us repo scope. Unfortunately, GitHub only has one option for this, and this scope grants full access to your private repositories. Other than listing commits and issues, we don't touch the actual code of your repositories in any way.
If you are uncomfortable with this permission, you can always create a private channel and manually add people and GitHub webhooks into that room. This will lose the automatic permissions, which means people with access to the repository, won't be able to automatically join the room and you will have to add them.
Organisation Access Control
GitHub has allowed for organisations to opt into and out of granting access to applications. If you don't want Gitter to have access to a particular organisation for whatever reason, please ensure this is turned on or revoke Gitter's access to this organisation. You need to have admin access to the org in order to do this.
This article provides more information about this feature.
You can also always login via Twitter, although please be aware you can only use Twitter to access public rooms and some rooms may have blocked access to Twitter accounts.