Closed tamird closed 8 years ago
Looks like this is because of JSPM attempting to support username/password authentication the same way it supports API tokens. Would you consider a PR that changes this behaviour to API token only?
I'm not sure what change we can do to alter this?
(jspm 0.17 may need less access though)
It's not a matter of access - it's not like jspm needs access to my public repos.
This is just a result of how the URL is being crafted. If you used https://developer.github.com/v3/#authentication (https://api.github.com/?access_token=OAUTH-TOKEN
) you could just provide the oauth token (you wouldn't need the username at all) and no access would be needed.
Ahh, well that would make life easier. PR very welcome!
According to https://developer.github.com/v3/oauth/#scopes,
public_repo
This seems excessive. Why isn't public access sufficient?