Use the GitHub API and OAuth

[imjasonh]

Using the API will keep you from being broken if GitHub changes their page layout, and OAuth will let users get notified for private repos.

[imjacobclark]

@ImJasonH

Private repositories are supported and users do get notifications for them through GitHub Notifier currently!

I chose to scrape the website over the GitHub API to prevent users from having to input their GitHub oAuth tokens when they're already signed in through the browser. Satisfying security concerns with entering oAuth tokens into third party applications.

Whilst GitHub changing their DOM is a concern, it happens rarely, and when it does, GitHub provide warning and early access before they roll it out.

oAuth isn't something I plan on implementing at this stage.

[imjasonh]

My mistake, I didn't realize that private repos were supported.

Using the API doesn't require users to input a secret token, you can do OAuth in an extension, see https://github.com/sindresorhus/notifier-for-github-chrome/issues/57 which I recently filed on a similar extension. This lets users logged in to GitHub programmatically send a token to your extension, then the extension can securely store it using chrome.storage.

The issue with scraping pages is that if GitHub changes their layout, which they will do without warning, your extension will break. They have no obligation to warn about DOM changes. This is what the API is for, programmatic access to user data.

[imjacobclark]

@ImJasonH

I didn't realise that was possible with Chrome extensions. I'm going to tag this as an enhancement and take a look at it over the next week or so.

If you'd like to work on this let me know and I shall assign it to you.

Thanks for the explanation!

:+1:

[danbovey]

:+1:

Also it would help with managing which repos the user gets notifications for