GitHub Auth & Lightning Bounties

This guide explains why Lightning Bounties uses GitHub OAuth to verify your identity.

By linking your account, you grant just the minimal permissions needed—nothing more—so you stay in control of your data.

Linking Your GitHub Account to Lightning Bounties is Necessary For Several Reasons:

Authentication:

It verifies your identity and prevents fake accounts.

Project Access:

You can link your GitHub projects to post bounties on specific issues or projects.

Issue Tracking:

It helps you stay organized and focused on the issues that require attention.

Collaboration:

Enables effective communication and progress tracking with bug hunters.

Reward Distribution:

Ensures correct and efficient distribution of rewards.

Profile & Reputation:

Builds your reputation as a responsible project maintainer.

TLDR: Linking your GitHub account streamlines bug hunting, promotes collaboration, and ensures proper reward distribution.

Understanding Permissions

When you link your GitHub account to Lightning Bounties, you will be granting us specific permissions:

Read-only Access:
- We cannot alter anything in your GitHub account.
- This ensures that your projects and repositories remain untouched.
Public-only Access:
- We can only access information that is publicly available.
- Any data that is private or restricted is completely off-limits to us.

Comparison with Other GitHub Apps/Services

Many GitHub applications request broader permissions than we do. Here's a quick comparison:

Feature

Lightning Bounties

Algora PBC

Replit

Kodiak

Read-only Access

✅

❌

✅

Write Access

❌

✅

Public-only Access

✅

❌

Access to Private Repos

❌

✅

Explanation of Other Platforms:

Algora PBC: Algora PBC requires broader access to your GitHub account, including the ability to verify your identity, know what resources you can access, act on your behalf, and view your email addresses.
Replit: Replit also requires broader permissions, similar to Algora PBC, including the ability to verify your GitHub identity, know what resources you can access, act on your behalf, and view your email addresses.
Kodiak: Kodiak is a GitHub bot that requires access to all repositories, including public repositories (read-only), and has read and write access to checks, code, issues, pull requests, and workflows.

With Lightning Bounties, you maintain greater control over your data and privacy, as we only require read-only, public access.

Unlinking Your GitHub Account From Lightning Bounties

If you decide to unlink your GitHub account from Lightning Bounties, please follow these instructions:

Go to GitHub: Log in to your GitHub account.
Navigate to Settings: Click on your profile picture in the top right corner, then select Settings from the dropdown menu.
Applications: In the left sidebar, click on Applications.
Authorized OAuth Apps: Under the Authorized OAuth Apps section, locate Lightning Bounties.
Revoke Access: Click on Lightning Bounties and then select the Revoke Access button.
Notification: Lightning Bounties Unlinked: If you see the message "Lightning Bounties User has been revoked from your account" displayed at the top, it means you have successfully unlinked Lightning Bounties from your GitHub account.

After completing the steps to unlink your GitHub account, it will be disassociated from Lightning Bounties.

If you wish to link your GitHub account to Lightning Bounties again in the future:

Visit app.lightningbounties.com
Click on the "Login with GitHub" button.
You will be all set to continue using the platform!

PreviousFIRST TIME ONBOARDING NextSOLVING A BOUNTY

Last updated 10 months ago

Was this helpful?