[CHORE] Document Required GitHub Personal Access Token Scopes

[Sayvai]

Description

When creating a new GitHub Personal Access Token, I struggled to know and figure out what the bare minimum personal access token scopes I needed to set read-only permissions to.

I believe the Octotree Guide page should 👉 list the scopes that is required to be to set to read-only 👈 , before generating a unique token, to then re-use within the Settings panel of the Octotree browser extension to successfully access GitHub repository contents.

This would resolve the problem for myself (and others) in generating tokens without the correct scope settings, and having to go-back-and-forth between GitHub token generation until the correct token is generated and working with Octotree browser extension.

Also, the scope should cover both GitHub Personal Access Token types:

• Fine-grained tokens (beta)
• Tokens (classic)

Note I managed to successfully generate a new GitHub personal access token using the Fine-grained tokens (beta) type on first try, luckily selecting the right scope options this time, which doesn't include the option to never expire for security reasons.

And so given that, I know I will have to repeat the token generation process again in future, and hope to remember the correct scopes to set on first attempt again, unless it is documented, which would make it efficient easier for me for next time 😅

Environment

• Octotree version: 7.9.2
• Browser & version: Chrome 114.0.5735.133
• OS & version: Mac OS Ventura 13.4 (22F66)
• Console error log below this line: N/A
• Paid subscriber: Yes

[danhgit]

@Sayvai thanks for your idea and sorry for taking long to respond. I've updated the guide with more information about creating tokens. If you have any suggestion to improve the guide, please let me know.

[Sayvai]

Thanks @danhgit 🙌

For the benefit of others who may come across this issue page, then i copy and paste the current instructions excerpt from the guide at the time of this comment as an additional reference, should those instructions ever be moved: 👇

2. Manually input GitHub Personal Access Token You can create either a fine-grained token or classic token (see more below), then paste it into the token textbox in the extension's Settings screen. If you login via GitHub OAuth and also provide personal access token, the latter is used. If you have multiple GitHub accounts with access to different private repositories, Octotree supports multiple GitHub accounts. Learn more about Personal Access Tokens.

   a. Fine-grained Tokens

   Click here to generate a fine-grained token Enter token name, expiration and add these permissions: All repositories OR choose specific repositories Repository Permissions > Contents: read-only Repository Permissions > Metadata: read-only Repository Permissions > Pull Requests: read-only Note: to access organization repositories, the organization admin must enable access via tokens. See this guide.

   b. Classic Tokens

   Click here to generate a classic token Enter expiration and pick 1 of these permissions: repo: if you want Octotree to work for private repositories public_repo: if you want Octotree to work for public repositories