Closed rk9595 closed 3 months ago
The token is passed directly to github's GraphQL API. How could OAuth be used in this case?
Implementing OAuth authentication would allow users to authenticate with GitHub directly, without the need for them to manually create a Personal Access Token (PAT) for the input to the action.
Given that this is a Github Action how would the flow look like?
It could be something like this
client_id
and client_secret
.It does add complexity though, PAT approach is definitely simpler.
Great Project!
I noticed that the project uses Personal Access Tokens (PAT) for authentication. While I understand this approach, I'm curious about the decision not to use OAuth for authentication purposes. From my perspective, OAuth could potentially offer enhanced security and a smoother user experience, especially when handling authentication on behalf of the users.
Could you share the considerations that led to choosing PAT over OAuth? Are there specific challenges or limitations with OAuth that influenced this decision?
Thanks!