Closed Gakk closed 1 year ago
+1 for this!
+2
Heyy! I almost completed the custom PAT feature and this happened.
Turns out fine-grained PAT doesn't yet support GraphQL. But classic tokens work with GraphQL (I tested). So, the only advantage will be that authentication could be completed without involvement of a backend server and without authorising an OAuth app (which were otherwise essential in the case of GitHub auth). I'm not sure what to do. Does this make the whole purpose useless, or should the option be given if anyone wants to use their own classic token? The code is mostly ready in any case. :) Looking forward to your suggestions.
@Gakk @alenkei-pcp @Meital-Zicharevich
@NirmalScaria Fantastic to hear you have started implementation 🥳👍
I was not aware of the limitation for fine-grained PAT, but this is no show-stopper as GitHub is working on implementing support:
All of these quotes are by GitHub employees on the feedback tracking issue for fine-grained PATs: https://github.com/community/community/discussions/36441
And even when using classic tokens, the authentication would still be more transparent and acceptable 😇
Heyy! I'm happy to let you know this has been implemented. The authentication page options now contain a third option, to choose a custom PAT. And I hope it would work out of the box once GitHub supports fine-grained PAT for GraphQL.
Thank you so much for the support, @Gakk. The release could be expected for Firefox today and in a few days for Chrome.
Perfect, will test it when the release for Chrome is available 🚀👍
@Gakk It has been released. Hope you like it. 😌
Thank you for the update. Which are the minimum permissions to let the extension work?
@usuallyno Sorry for the late response. The minimum required permission is the public_repo permission.
Due to security concerns I cannot use this on private repositories, as it authenticates directly through your own server.
I suggest you rewrite the plugin to accept a personal access token (PAT), e.g. the same way as the popular Refined GitHub does. If so, a fine-grained token could have been supplied, which is more security transparent.
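Added example, not part of the thread or the extension's code: a least-privilege check a user could apply to a classic PAT before pasting it into the extension, using the public_repo minimum stated above. It assumes the caller has already read the `X-OAuth-Scopes` response header that GitHub returns for classic tokens; the function names and sample tokens are hypothetical and constructed.

```javascript
// Minimum permission stated in this thread.
const REQUIRED = "public_repo";
// Parent scopes that already include public_repo in GitHub's scope hierarchy.
const IMPLIES_REQUIRED = new Set(["repo"]);

function tokenKind(token) {
  if (token.startsWith("github_pat_")) return "fine-grained";
  if (token.startsWith("ghp_")) return "classic";
  return "unknown"; // e.g. older classic tokens without a prefix
}

// scopesHeader: value of the X-OAuth-Scopes header (comma-separated),
// or null when the response carried no such header.
function auditPat(token, scopesHeader) {
  const kind = tokenKind(token);
  const scopes = (scopesHeader || "")
    .split(",").map((s) => s.trim()).filter(Boolean);
  const sufficient = scopes.includes(REQUIRED) ||
    scopes.some((s) => IMPLIES_REQUIRED.has(s));
  // Anything other than the stated minimum is more access than needed.
  const excess = scopes.filter((s) => s !== REQUIRED);
  let verdict;
  // Fine-grained tokens carry repository permissions rather than OAuth
  // scopes, so this header-based check does not apply to them.
  if (kind === "fine-grained") verdict = "not-scope-auditable";
  else if (!sufficient) verdict = "insufficient";
  else if (excess.length > 0) verdict = "over-privileged";
  else verdict = "least-privilege";
  return { kind, scopes, excess, verdict };
}

// Constructed sample values, not real tokens.
const samples = [
  ["ghp_EXAMPLEconstructed0001", "public_repo"],
  ["ghp_EXAMPLEconstructed0002", "repo, workflow, read:org"],
  ["ghp_EXAMPLEconstructed0003", "gist"],
  ["github_pat_EXAMPLEconstructed", null],
];
for (const [tok, hdr] of samples) {
  console.log(tok.slice(0, 14) + "...", auditPat(tok, hdr).verdict);
}
```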