why does use of JSPM_GITHUB_AUTH_TOKEN require public_repo?

jspm / github

Github Location Service

16 stars 43 forks source link

why does use of JSPM_GITHUB_AUTH_TOKEN require public_repo? #89

Closed tamird closed 8 years ago

tamird commented 8 years ago

According to https://developer.github.com/v3/oauth/#scopes, public_repo

Grants read/write access to code, commit statuses, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.

This seems excessive. Why isn't public access sufficient?

tamird commented 8 years ago

Looks like this is because of JSPM attempting to support username/password authentication the same way it supports API tokens. Would you consider a PR that changes this behaviour to API token only?

guybedford commented 8 years ago

I'm not sure what change we can do to alter this?

guybedford commented 8 years ago

(jspm 0.17 may need less access though)

tamird commented 8 years ago

It's not a matter of access - it's not like jspm needs access to my public repos.

This is just a result of how the URL is being crafted. If you used https://developer.github.com/v3/#authentication (https://api.github.com/?access_token=OAUTH-TOKEN) you could just provide the oauth token (you wouldn't need the username at all) and no access would be needed.

guybedford commented 8 years ago

Ahh, well that would make life easier. PR very welcome!