search

NirmalScaria / le-git-graph

Browser extension to add git graph to GitHub website.
https://chrome.google.com/webstore/detail/le-git-graph-commits-grap/joggkdfebigddmaagckekihhfncdobff
MIT License
3.13k stars 16 forks source link

Access private repos without write access #53

Closed probablykasper closed 10 months ago

probablykasper commented 11 months ago

Is your feature request related to a problem? Please describe. I'd like to use this extension with private org repos, but I don't really trust giving write access.

Describe the solution you'd like Improved OAuth to support organizations, or support for fine-grained PATs

Describe alternatives you've considered None

NirmalScaria commented 10 months ago
  1. OAuth doesn't support a "read-only" access level to repos. Its either "repo" access level, or no access to repos at all. Hence, there is no way to change it with OAuth unless GitHub makes support for that option. .
  2. At the time of developing the extension, Github GraphQL API (which the extension completely relies upon) had no support for fine grained tokens. But now it seems it is supported. And it works out of the box, with no modifications to the extension. You could choose "Custom PAT" option in the extension authentication page and enter the fine grained token there. It works. . The permission required is "Read-only" on "contents" option of the repositories it is meant to be used on. (It can be specified while generating the fine grained token.)
probablykasper commented 10 months ago

Looks like the organization needs to explicitly allow access for fine-grained PATs. Weird situation

image image