joaomoreno
commented
3 years ago From the user's perspective, this is VS Code functionality and they never installed a GitHub extension.
Makes sense ✔️
Closed digitarald closed 1 year ago
joaomoreno
commented
3 years ago From the user's perspective, this is VS Code functionality and they never installed a GitHub extension.
Makes sense ✔️
0cjs
commented
3 years ago I'm not clear on why it's asking for a login at all, at times. My first experience with web VSCode was clicking "Open Remote Repository," giving it https://github.com/0cjs/8bitdev, and being told that I must give VSCode some sort of access to my GitHub account for no reason at all. (git clone on that URL pulls down the whole repo without problems; no authentication is necessary.) Even if I were inclined to to immediately give this application access to my GitHub account, I wasn't inclined to log in to GitHub at all on the not-well-trusted machine I happened to be using at the time.
The initial user experience probably should not be, "give us access to sensitive stuff that we don't actually need so you can see a simple demo."
digitarald
commented
3 years ago @0cjs the issue for your comment is tracked in https://github.com/microsoft/vscode-remote-repositories-github/issues/14 .
0cjs
commented
3 years ago @digitarald Right, that one seems to be closed in favour of #124573, but thanks for the link that eventually got me there. Perhaps this should be marked as a duplicate of #124573 as well, since there seems to be a single good solution that fixes all of these (always pull without authentication when possible, and ask for authentication only when pushing—note that this normally requires split pull/push URLs).
joyceerhl
commented
3 years ago Note that without authentication, we can easily run into GitHub API rate limits (60 calls / hour), and that's the primary reason that we do not support unauthenticated access to repos at the moment.
0cjs
commented
2 years ago Yes, but the OP is just trying to clone the repo, which (as I mentioned in my other comment) doesn't require GitHub's proprietary API. (git clone works just fine without using GitHub's API.) So why not just clone the repo the way you'd clone a repo from another, non-GitHub source?
joaomoreno
commented
1 year ago @TylerLeonhardt I couldn't find a "allowed extensions to login to specific auth providers" mechanism. Do we have one?
TylerLeonhardt
commented
1 year ago @joaomoreno it's in the project.json now. You shouldn't see this in stable or insiders. Not sure if we wanna go adding this to the OSS product.json... maybe since it's built-in:
"trustedExtensionAuthAccess": [
"vscode.git",
"vscode.github"
],Oh this is only specific to code-oss. We already do this for stable and insiders. I suggest closing this issue.
I was reviewing the clone repo flow. In usertesting had a few cases where this was really exciting for users to discover.
One odd aspect is the permission dialog that made me pause in his otherwise extremely smooth flow:
Why does a built-in extension ask for permission? From the user's perspective, this is VS Code functionality and they never installed a GitHub extension.