YahnisElsts / plugin-update-checker

A custom update checker for WordPress plugins. Useful if you don't want to host your project in the official WP repository, but would still like it to support automatic updates. Despite the name, it also works with themes.
MIT License

Alternatives to GitHub PATs for long-term authorization? #507

Closed shoelaced closed 1 year ago

shoelaced commented 1 year ago

Are GitHub's classic tokens secure enough for something like this, or could you clarify the minimum needed permissions they need to have for using this with a private repo? For scope-restriction and read-only-access reasons, GitHub's "Fine-Grained" Personal Authorization Tokens are more appealing to me, and they work fine with PUC, but unfortunately they enforce an expiration date that cannot be longer than 1 year. GitHub's docs seem to indicate that creating a GitHub app or OAuth app is preferred for long-term access needs. I haven't the slightest idea how to work with GitHub apps, but before I spend tons of time researching it, I was wondering if they would even work with PUC, or whether there's any other approach that would allow more long-term access? Or am I overthinking it and it's actually fine to drop a classic token into a WP plugin file?

shoelaced commented 1 year ago

Sorry, just found this comment, so I guess that's the answer.