I am starting a new service that would be an abstraction on git repositories. Basically, a user would register and Add project (GitHub / GitLab / BitBucket repository).
The difficult part for me is how do I verify that the person has the appropriate permissions in the repository that he is adding?
I was thinking of a method to generate a temporary hash that would then have to be committed as a specific file in the protected branch (master?) Of the repository. If the hash matches, then it is safe to say that the user is the owner of that repository.
Since I have limited knowledge in this area, is there any better way? What would you recommend?