NirmalScaria / le-git-graph

Browser extension to add git graph to GitHub website.
https://chrome.google.com/webstore/detail/le-git-graph-commits-grap/joggkdfebigddmaagckekihhfncdobff
MIT License
3.13k stars 16 forks

Use (no-scope) for OAuth? #69

Open Goby56 opened 3 months ago

Goby56 commented 3 months ago

Is your feature request related to a problem? Please describe.

As issue #12 has already stated, requesting both read and write access when authenticating seems unnecessary.

Describe the solution you'd like

To somehow only request read access and maybe to not request anything when on a public repo as everything is public.

Describe alternatives you've considered

Now, I'm not at all well versed in GitHub OAuth but after reading about the different scopes GitHub provides it seems that (no-scope) could work.

I don't know if "repository info" is enough but as public repos are open-source by nature and anyone can see the commit history of such a repo I don't see why an app couldn't do that. An alternative is to switch to a real GitHub app (instead of an OAuth app) where you can choose the amount of access more precisely and use their REST API.

References used:

https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps

https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28

NirmalScaria commented 3 months ago

This has already been discussed in #20. And public-repo-only access level is currently a supported feature. You can choose between "Public repos only" and "Public and private repos" at the initial authorisation page. There is a dropdown on the "Authorise with GitHub" button.

NirmalScaria commented 3 months ago

Also, regarding the usage of the REST API, I had initially built the whole extension using the REST API, and the lack of required API endpoints is painful. There is no API to get all commits from all branches together! And that is absolutely required for this extension to work. That is why the choice was switched to GraphQL.

Goby56 commented 3 months ago

But when I try to authorize only public repos it asks for write access as well.

Oh and I encountered a visual bug on the auth screen:

Multiple texts seem to be on top of each other.

NirmalScaria commented 3 months ago

The visual bug seems to be caused by some changes to the GitHub styling, on which the extension code depended. I am getting it solved.
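The scope question raised in this thread can be checked mechanically. The following is an added example, not code from the extension or from anyone in the thread: it builds a GitHub OAuth authorization URL for a given scope list (an empty list is the "(no scope)" request) and audits the `X-OAuth-Scopes` response header of an API call against an allow-list. The function names, `CLIENT_ID_PLACEHOLDER` and the sample header values are assumptions made for illustration.

```javascript
// Added example; all function names and sample values here are hypothetical.
const AUTHORIZE_ENDPOINT = "https://github.com/login/oauth/authorize";

// Per GitHub's OAuth scope documentation, both of these include write access
// to repositories ("public_repo" for public ones, "repo" for public and private).
const WRITE_CAPABLE = new Set(["repo", "public_repo"]);

// Build the authorization URL. With an empty scope list the scope parameter is
// omitted, which requests "(no scope)": read-only access to public information.
function buildAuthorizeUrl(clientId, scopes, state) {
  const url = new URL(AUTHORIZE_ENDPOINT);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("state", state); // anti-CSRF value, checked on the callback
  if (scopes.length > 0) {
    url.searchParams.set("scope", scopes.join(" ")); // space-delimited list
  }
  return url.toString();
}

// X-OAuth-Scopes is a comma-separated list; it is empty for a no-scope token.
function parseScopeHeader(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Compare what the token actually carries with what the app intends to hold.
function auditGrantedScopes(headerValue, allowed) {
  const granted = parseScopeHeader(headerValue);
  const unexpected = granted.filter((s) => !allowed.includes(s));
  const writeCapable = granted.filter((s) => WRITE_CAPABLE.has(s));
  return { granted, unexpected, writeCapable, ok: unexpected.length === 0 };
}

// Constructed sample header values (not captured from a real response).
const SAMPLE_HEADERS = ["", "public_repo", "repo, read:user"];
for (const header of SAMPLE_HEADERS) {
  const report = auditGrantedScopes(header, []); // allow-list: no scopes at all
  console.log(JSON.stringify(header), "->", JSON.stringify(report));
}
console.log(buildAuthorizeUrl("CLIENT_ID_PLACEHOLDER", [], "constructed-state"));
```

With an empty allow-list, any token that reports `public_repo` or `repo` is flagged as both unexpected and write-capable, which is the condition the consent screen in this thread reflects.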