Code Climate uses GitHub OAuth for user authentication into the application. This web application flow is described in GitHub's documentation.
Additional information about the scopes we request can be found here.
In Team-based Authorization [deprecated], access to repositories is specified by teams. Teams are associated with repositories, and members of those teams have access to those specific repositories. Teams are defined and controlled solely by Code Climate organization owners and have no relation to GitHub teams.
In GitHub-Backed Authorization, Code Climate uses the GitHub API to determine which repositories Code Climate organization members can view results for: members can only view repos on Code Climate that they have permission to view on GitHub. Consequently, if a users access to a repository is revoked on GitHub, it is also revoked on Code Climate.
Updated over 4 years ago