From d69851cc334eb0f9c440049ac01c2623161c5274 Mon Sep 17 00:00:00 2001
From: msukkari <michael.sukkarieh@mail.mcgill.ca>
Date: Sat, 18 Oct 2025 16:14:00 -0700
Subject: [PATCH] more info in docs for user auth perms

---
 docs/docs/configuration/auth/providers.mdx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/docs/configuration/auth/providers.mdx b/docs/docs/configuration/auth/providers.mdx
index 3d3cca0a..7fda085a 100644
--- a/docs/docs/configuration/auth/providers.mdx
+++ b/docs/docs/configuration/auth/providers.mdx
@@ -36,7 +36,9 @@ The following authentication providers require an [enterprise license](/docs/lic
 Authentication using both a **GitHub OAuth App** and a **GitHub App** is supported. In both cases, you must provide Sourcebot the `CLIENT_ID` and `SECRET_ID` and configure the 
 callback URL correctly (more info in Auth.js docs). 
 
-When using a **GitHub App**, enable the `“Email addresses” account permissions (read)` permission to allow Sourcebot to read the email of the user from GitHub after they authenticate.
+When using a **GitHub App** for auth, enable the following permissions:
+- `“Email addresses” account permissions (read)`
+- `"Metadata" repository permissions (read)` (only needed if enabling [permission syncing](/docs/features/permission-syncing))
 
 **Required environment variables:**
 - `AUTH_EE_GITHUB_CLIENT_ID`