pln-planning-tools / Starmap

Roadmap Planning Tool
https://starmap.site

fix: better prevention and handling of exhausted tokens #362

Open SgtPooki opened 1 year ago

SgtPooki commented 1 year ago

We have a few routes forward to mitigate this:

| Method | User Auth flow required? | Benefits | Risks | Notes |
| --- | --- | --- | --- | --- |
| More github PATs | No | Users don't need to authenticate | Only linearly scalable.<br>Larger maintenance burden | This is what we're currently doing, but with only 2 tokens currently |
| Client side fetching of content | No | Users don't need to authenticate<br>Reduces the use of rate of exhaustion of existing github PATs | Makes retrieving gh issue data more complicated | This method splits the methods we use to obtain data from github, and could cause maintenance issues. |
| SSO authentication | Yes | Users have their own request limits and heavy users don't cause failures for others<br>Enables write/edit of github issues<br>Can enable conditionally (when existing github PATs are expired)<br>Would allow for removal of any backend code if used wholly | More burdensome for users<br>Not all users are familiar with, or have accounts on, github | Ideally, we do not want to force users to authenticate when visiting the site, and only enable this for power users. We could limit every user's number of requests and request they authenticate via SSO when they reach that limit, or alert users of a need to authenticate when PATs are exhausted. |

### Confirmed tasks
- [ ] Ensure client side is fully aware of how many valid PATs are still available
- [ ] Show warning to users when PATs are expired
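
One way the two confirmed tasks could fit together, as an added example that is not part of the original issue or Starmap's code: a server-side pool tracks each PAT from GitHub's `x-ratelimit-remaining` and `x-ratelimit-reset` response headers and hands the client only counts, never token values. The `PatPool` class, its method names, and the shape of the status object are assumptions made for illustration.

```javascript
// Added example: a hypothetical server-side PAT pool (not Starmap's code).
// It learns each token's state from GitHub's response status and rate-limit headers.
class PatPool {
  constructor(tokens, now = () => Date.now()) {
    this.now = now; // injectable clock so the logic can be tested offline
    this.state = tokens.map((token) => ({ token, remaining: Infinity, resetAt: 0, revoked: false }));
  }

  // Requests this token can still make: 0 if revoked or exhausted,
  // Infinity (unknown, assumed fresh) once its rate-limit window has rolled over.
  quota(s) {
    if (s.revoked) return 0;
    return this.now() >= s.resetAt ? Infinity : s.remaining;
  }

  // Token with the most quota left, or null when every PAT is exhausted or expired.
  pick() {
    const live = this.state.filter((s) => this.quota(s) > 0);
    if (live.length === 0) return null;
    return live.reduce((a, b) => (this.quota(b) > this.quota(a) ? b : a)).token;
  }

  // Feed back the outcome of a GitHub API call made with `token`.
  record(token, status, headers) {
    const s = this.state.find((x) => x.token === token);
    if (!s) return;
    if (status === 401) { s.revoked = true; return; } // expired or revoked PAT
    const remaining = Number(headers['x-ratelimit-remaining']);
    const reset = Number(headers['x-ratelimit-reset']); // UTC epoch seconds
    if (Number.isFinite(remaining)) s.remaining = remaining;
    if (Number.isFinite(reset)) s.resetAt = reset * 1000;
  }

  // Client-safe summary: counts and the next reset time only, never token values.
  status() {
    const usable = this.state.filter((s) => this.quota(s) > 0).length;
    const revoked = this.state.filter((s) => s.revoked).length;
    const waiting = this.state.filter((s) => !s.revoked && this.quota(s) === 0);
    const nextResetAt = waiting.length ? Math.min(...waiting.map((s) => s.resetAt)) : null;
    return { total: this.state.length, usable, revoked, nextResetAt, warn: usable === 0 };
  }
}
```

The frontend can poll an endpoint that returns `status()` and show the warning when `warn` is true; the PATs themselves stay on the server.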