Reevaluate permissions needed by Gitpod app

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Description

Currently, it looks like the Gitpod app requires access to the full user API which seems excessive 🤔

This opens up a security attack vector for compromising users and could even be a deterrent for user adoption. Let's evaluate what permissions are actually needed by Gitpod. Maybe GitLab needs to expose some permissions in a more granular way?

Edited Jul 10, 2025 by 🤖 GitLab Bot 🤖