personal access token should only use public_repo scope by default #67

Open
Dentrax opened this issue Nov 3, 2021 · 1 comment

Dentrax commented Nov 3, 2021

Thanks for such a nice project!


From the security perspective, I think it would be better to check only public_repo access by default when we click the Generate One link.

In this case, we can replace the following link:

- https://github.com/settings/tokens/new?scopes=repo&description=GitHub%20Issue%20Link%20Status
+ https://github.com/settings/tokens/new?scopes=public_repo&description=GitHub%20Issue%20Link%20Status
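
Review bot: `scopes=public_repo` on the `+` line is narrower than `repo`, but it is still a write-capable scope on public repositories. If the extension only needs to read issue and pull request status, the default link could omit the `scopes` parameter entirely and leave `repo` as an explicit opt-in for users who want private repositories covered, with the accompanying help text stating which of the two cases each option is for.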

Also, it's worth mentioning that if someone wants to use this extension in private repositories, we can say something like: "To use this extension in private repositories, consider giving the repo scope."

Wdyt?


fregante (Owner) commented Nov 4, 2021

I'd love to copy this UI to this repository:

In reality, no scopes are required to read public information.

PR welcome
