
No way to give access to only public repositories while authenticating with GitHub

Open kashif-ghafoor opened this issue 1 year ago • 1 comments

Describe the bug: I tried to authenticate using GitHub authentication. After providing the GitHub device activation code, on the authorize bloop page there is no option to select only public repositories while giving access. I have provided a screenshot, where bloop is asking for access to both public and private repositories. Is it possible to have an option to select whether the user wants to give access to public repositories only or both?

Expected behavior: An option to select public repositories.

To Reproduce:

1. Download the app on Linux.
2. Authenticate using GitHub.
3. After adding the device authentication code, the authorization page will ask for access to both public and private repositories.

Screenshots or output: [image]

kashif-ghafoor, Mar 22 '23 18:03

Unfortunately, we can't change that. We need access to your repos to be able to sync them. We use standard GitHub OAuth scopes, mainly the 'repo' scope (docs). I don't see any easy way to limit it to only public repos. If you do, please share. In any case, we don't sync any repos until you specify which ones you want to index. You can pick only those that are public manually from the list. We don't share a list of your repos with anybody and need it only to show you a select menu.

anastasiya1155, Mar 23 '23 10:03

I was now installing bloop myself and ran into similar concerns. To limit to public repos, it seems to me you can use the public_repo scope (or maybe even no scope at all might work?). I haven't tried it, but from the docs page it seems that's the case.


My other concern is the write access given. I'm a bit reticent about giving write access to my repos just to try out an app. Maybe there are some features in bloop that require write access? I'm not sure, because I haven't yet tried it due to this.

It seems there is no scope for read-only access to private repos (see https://github.com/jollygoodcode/jollygoodcode.github.io/issues/6), but there is a newish feature for setting permissions granularly (see the blog post). Although it doesn't seem very user-friendly; as far as I can tell you can't get them in an OAuth workflow, so the user would need to create the token with the correct permissions and give it to bloop.

It would be cool if you implemented bringing your own personal access token as an alternative to oauth :)

dcferreira, Apr 22 '23 15:04
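The scope trade-off discussed in this thread, as an added example that is not part of the original issue and is not bloop's code: it models the repository access implied by the classic `repo` and `public_repo` scopes (and by no scope at all) and reports what a token grants beyond what an application needs. The input is the comma-separated scope list GitHub returns in the `X-OAuth-Scopes` response header; function names and sample values are assumptions made for illustration.

```python
# Added example. Scope semantics follow GitHub's documentation for classic
# OAuth scopes; the header values used with these functions are constructed.

PUBLIC_READ = ("public", "read")
PUBLIC_WRITE = ("public", "write")
PRIVATE_READ = ("private", "read")
PRIVATE_WRITE = ("private", "write")

# A token with no scopes at all can still read public information.
BASELINE = frozenset({PUBLIC_READ})

# Repository access added by each classic scope discussed in the thread.
SCOPE_ACCESS = {
    "public_repo": frozenset({PUBLIC_READ, PUBLIC_WRITE}),
    "repo": frozenset({PUBLIC_READ, PUBLIC_WRITE, PRIVATE_READ, PRIVATE_WRITE}),
}


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes header value ("repo, read:org") into a set."""
    return {part.strip() for part in header_value.split(",") if part.strip()}


def effective_access(scopes):
    """Repository access implied by a set of granted scopes."""
    access = set(BASELINE)
    for scope in scopes:
        # Scopes not modelled here (e.g. read:org) add no repository access.
        access |= SCOPE_ACCESS.get(scope, frozenset())
    return access


def excess_access(header_value, needed):
    """Access the token carries beyond what the application needs."""
    return effective_access(parse_scopes(header_value)) - set(needed)


def least_privilege(needed):
    """Narrowest choice covering `needed`: "" (no scope), public_repo or repo.

    Returns (scope, excess) so the unavoidable over-grant is visible.
    """
    for scope in ("", "public_repo", "repo"):
        access = effective_access({scope} if scope else set())
        if set(needed) <= access:
            return scope, access - set(needed)
    raise ValueError("no classic scope covers %r" % (needed,))
```

Calling `least_privilege({PRIVATE_READ})` returns `repo` together with write access as excess, which is the gap that fine-grained personal access tokens address.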