docudio / Inquiryz

We are human, can't remember everything. Let Inquiryz Inquire on the things you care about.

Core Github Functionality #1

Open TheSecMaven opened 3 years ago

TheSecMaven commented 3 years ago

The dream is this: Schedule a comment on an issue to be posted at a specific time, or send me a reminder about it in a certain time span.

The GitHub API has an issues endpoint; creating a comment, though, only works in user repos where the app is authorized. If commenting in an org, that org needs to authorize your app.

TheSecMaven commented 3 years ago

However, we can read the issues that a user makes or does things on in an org. So we could schedule a job to go hit the API, pull that info, and build the list of reminders.

TheSecMaven commented 3 years ago

Also worth noting, we can get a webhook for issue comments from GitHub, but again, if it's a comment in an org, it won't get sent to us unless that org has authorized our app.
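Added example, not part of the original thread or the Inquiryz code: a receiver for the issue-comment webhook mentioned above should authenticate each delivery before acting on it, using the HMAC-SHA256 signature GitHub sends in `X-Hub-Signature-256` when a webhook secret is configured. The secret, the payload and the function names are constructed for illustration, and `headers` is assumed to be a dict keyed by the canonical header names.

```python
import hashlib
import hmac
import json
from typing import Optional

SECRET = b"constructed-webhook-secret"  # constructed; use the secret set on the webhook
SAMPLE_BODY = json.dumps({              # constructed issue_comment delivery, trimmed
    "action": "created",
    "repository": {"full_name": "example-org/example-repo"},
    "issue": {"number": 1},
    "comment": {"user": {"login": "example-user"}, "body": "remind me in 2 days"},
}).encode()

def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub puts in X-Hub-Signature-256: HMAC-SHA256 over the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    # Reject a missing header and anything that is not the SHA-256 form.
    if not header or not header.startswith("sha256="):
        return False
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(sign(secret, body).encode(),
                               header.encode("utf-8", "replace"))

def handle_delivery(secret: bytes, headers: dict, body: bytes):
    """Return (repo, issue number, commenter, text) for a trusted new comment, else None."""
    # Verify over the raw bytes before any JSON parsing touches the payload.
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        return None
    if headers.get("X-GitHub-Event") != "issue_comment":
        return None
    event = json.loads(body)
    if event.get("action") != "created":  # ignore edited/deleted comments
        return None
    return (event["repository"]["full_name"], event["issue"]["number"],
            event["comment"]["user"]["login"], event["comment"]["body"])
```
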

TheSecMaven commented 3 years ago

So if we are going to get this to be used, we would need orgs to adopt it as well. How can we appeal to them to do this?

TheSecMaven commented 3 years ago

Without orgs adding the app, we could only schedule comments for user repos, or show the list of things the user asked us to remember on our site.

TheSecMaven commented 3 years ago

Huge save: switched to an OAuth app instead of a GitHub app. An OAuth app is given access to post as a user, not as an application on the user's behalf. So I can now comment on and create issues in other public repos in orgs, and to comment on/create issues in private org repos, the app has to be given extra access. So this solves the issue for at least the majority use case, which is public repos.

TheSecMaven commented 3 years ago

https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#creating-multiple-tokens-for-oauth-apps says we need to store the tokens we get, basically, otherwise the new ones will overwrite the old ones at some point. For this reason, I started looking at getting SSO using already made accounts like Gmail or Outlook, so a user could sign in with those accounts, then link to GitHub, and we could simply store the token association for GitHub with that account. Link to Google: https://developers.google.com/identity/sign-in/web/sign-in#add_a_google_sign-in_button. MSFT stuff is on issue #2.