Request minimal github access - Githubissues

meteorlxy / vssue

:mailbox: A Vue-powered Issue-based Comment Plugin

https://vssue.js.org

MIT License

770 stars 106 forks source link

Request minimal github access #39

Closed mattbishop closed 4 years ago

mattbishop commented 5 years ago

What problem does the feature solve?

When a user "Logs in to Github" to set a comment, they are presented with a scary access request that wants all of their data, including access to all their organizations. This is unnecessary and excessive.

Proposed solution

Is there a subset of information that can be asked for? My readers are complaining that they don't want to give me so much access just to leave a comment.

Alternative solutions

Here is the list of github scopes: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes

Additional context

meteorlxy commented 5 years ago

Hello, thanks for your feedback.

Vssue is always trying to get the minimal access of the platforms.

Of course we have checked the list, but we could only find public_repo that can access issues & comments. Do you have any clue on that?

Here's the related code about the scope:

https://github.com/meteorlxy/vssue/blob/79e6db3b32021ef8ba5502e026340d988e5e7a3f/packages/%40vssue/api-github-v3/src/index.ts#L103

In fact, during the development of Vssue, we found that:

GitHub: we have to use the public_repo scope
GitLab: we have to use the api scope: https://vssue.js.org/guide/gitlab.html#create-a-new-application
Bitbucket: we can use minimal scope as it has fine-grained permission control: https://vssue.js.org/guide/bitbucket.html#create-a-new-oauth-consumer

meteorlxy commented 4 years ago

As this issue could not be solved by Vssue itself, let move to #62 to track it.