jasonnutter
commented
6 years ago @adrienjoly You should only need the repo scope.
Closed adrienjoly closed 6 years ago
jasonnutter
commented
6 years ago @adrienjoly You should only need the repo scope.
adrienjoly
commented
6 years ago Thanks for your reply, jasonnutter!
Assuming that the feature branch was already pushed by the developer to the repository, wouldn't it be enough for the vscode extension to open https://github.com/<author>/<repo>/compare/<branch> in the web browser? (that's what SourceTree does when I ask to open a new pull request from one of my branches)
In that case, I believe that no token nor permissions would be required by the extension, or would they?
jasonnutter
commented
6 years ago In that case, no, but one of the key features of this extension is to open the PR for you using the Github API, which is why you need the token (the repo scope is needed for private repos).
adrienjoly
commented
6 years ago That makes sense! Thanks for the clarification! :-)
Feel free to close this issue.
jasonnutter
commented
6 years ago I'll make sure to make this clearer in the REAMDE in the next set of updates.
Hi!
When creating a token to give access to my GH repository for your extension (https://github.com/settings/tokens/new), I'd like to provide as few permissions as possible.
=> What scopes should I absolutely check?