Is your feature request related to a problem? Please describe.
As issue #12 has already stated, requesting both read and write access when authenticating seems unnecessary.
Describe the solution you'd like
To somehow only request read access and maybe to not request anything when on a public repo as everything is public.
Describe alternatives you've considered
Now, I'm not at all well versed in GitHub OAuth but after reading about the different scopes GitHub provides it seems that (no-scope) could work.
I don't know if "repository info" is enough but as public repos are open-source by nature and anyone can see the commit history of such a repo I don't see why an app couldn't do that. An alternative is to switch to a real GitHub app (instead of an OAuth app) where you can choose the amount of access more precisely and use their REST API.
This has already been discussed in #20
And public repo only access level is currently a supported feature.
You can choose between "Public repos only" and "Public and private repos" at the initial authorisation page. There is a dropdown on the "Authorise with GitHub" button.
Also, regarding the usage of the REST API, I had initially built the whole extension using the REST API, and the lack of required API endpoints is painful. There is no API to get all commits from all branches together! And that is absolutely required for this extension to work. That is why the choice was switched to GraphQL.
References used:
https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps
https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28
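An added example, not part of the thread or the extension's code: GitHub's REST API reports the scopes a token was granted in the `X-OAuth-Scopes` response header, so the access-level question discussed above can be checked against what a token actually holds. The header values and `allowed` lists are constructed, and `parseScopes` and `auditScopes` are hypothetical helper names.

```javascript
// Added example: audit the scopes granted to a GitHub OAuth token.
// GitHub REST API responses carry them in the X-OAuth-Scopes header
// as a comma-separated list; an empty value means no scope was granted.

// OAuth-app scopes that include write access to repositories.
// OAuth apps have no read-only repository scope.
const WRITE_CAPABLE = new Map([
  ["repo", "read/write on public and private repositories"],
  ["public_repo", "read/write on public repositories"],
]);

// Split the header value into scope names, tolerating spaces and empties.
function parseScopes(headerValue) {
  return (headerValue || "")
    .split(",")
    .map((s) => s.trim())
    .filter((s) => s.length > 0);
}

// Compare granted scopes with the scopes the app says it needs.
// `allowed` is this example's policy input, not a GitHub concept.
function auditScopes(headerValue, allowed) {
  const granted = parseScopes(headerValue);
  const excess = granted.filter((s) => !allowed.includes(s));
  const writeCapable = granted
    .filter((s) => WRITE_CAPABLE.has(s))
    .map((s) => `${s}: ${WRITE_CAPABLE.get(s)}`);
  return { granted, excess, writeCapable, ok: excess.length === 0 };
}

// Constructed header values for three tokens.
const samples = [
  { header: "repo", allowed: [] }, // public repo, nothing needed
  { header: "public_repo, read:user", allowed: ["public_repo"] },
  { header: "", allowed: [] }, // token with no scope
];

for (const { header, allowed } of samples) {
  const r = auditScopes(header, allowed);
  const verdict = r.ok ? "ok" : `excess: ${r.excess.join(", ")}`;
  const write = r.writeCapable.length
    ? ` | write-capable: ${r.writeCapable.join("; ")}`
    : "";
  console.log(`${JSON.stringify(header)} -> ${verdict}${write}`);
}
```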