Open abitrolly opened 1 month ago
Write access is needed to mark as read (actually mark the todo as done). Ideally GitLab would have a more fine grained scopes but is not the case.
@rafaelmardojai I've seen ongoing work to change how access tokens are managed, still not sure how fine grained the controls would be.
If I don't want to mark things as read from the app, and my profile is public, do I need the token at all?
@abitrolly It should fail silently and the notification will stay in the app window, the app should be smart enough to not re-send a notification, so yeah, the app should work without mayor problems if you just use the read_api
scope.
Why write
api
permissions is needed for GitLab? Wouldread_api
be enough?Or maybe it is possible to add ForgeFed protocol to GitLab and
api
tokens won't be required?