
personal access token should only use public_repo scope by default

Open • Dentrax opened this issue 3 years ago • 1 comment

Thanks for such a nice project!


From a security perspective, I think it would be better to check only public_repo access by default when we click the Generate One link.

In this case, we can replace the following link:

- https://github.com/settings/tokens/new?scopes=repo&description=GitHub%20Issue%20Link%20Status
+ https://github.com/settings/tokens/new?scopes=public_repo&description=GitHub%20Issue%20Link%20Status
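
Review bot: on the `+` line, preselecting `scopes=public_repo` leaves private-repository users with no hint that the generated token will not cover them; add the explanatory sentence next to the Generate One link in the same change, so the narrower default and the opt-in to `repo` ship together.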

Also, it's worth mentioning that if someone wants to use this extension in private repositories, we can point that out by saying something like: "To use this extension in private repositories, consider giving the repo scope."

Wdyt?


Dentrax, Nov 03 '21 19:11

I'd love to copy this UI to this repository:

  • https://github.com/refined-github/refined-github/pull/3774
  • https://github.com/refined-github/refined-github/pull/4207#issuecomment-814621346

In reality, no scopes are required to read public information.

PR welcome

fregante, Nov 04 '21 10:11
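
The scope choice discussed in this issue, as an added example that is not part of the thread or the extension's code: it builds the token link with the narrowest scope and audits an existing classic token's `X-OAuth-Scopes` response header for scopes beyond what is needed. The function names (`tokenUrl`, `auditScopes`, `fetchScopeHeader`) and the sample header values are assumptions made for illustration.

```javascript
// Added example (hypothetical helpers, not the extension's code). Assumes a
// classic personal access token, for which GitHub's API reports the granted
// scopes in the X-OAuth-Scopes response header.
const TOKEN_PAGE = 'https://github.com/settings/tokens/new';

// Build the "Generate One" link, preselecting the narrowest scope.
function tokenUrl(needsPrivateRepos) {
  const scope = needsPrivateRepos ? 'repo' : 'public_repo';
  const description = encodeURIComponent('GitHub Issue Link Status');
  return `${TOKEN_PAGE}?scopes=${scope}&description=${description}`;
}

// Parse a header value such as "repo, user" into a list of scope names.
function parseScopes(headerValue) {
  return (headerValue || '').split(',').map(s => s.trim()).filter(Boolean);
}

// Compare granted scopes with what the use case needs.
// excess: scopes the token carries but the extension does not need.
// sufficient: false only when private repos are wanted and `repo` is missing
// (per the thread, reading public information needs no scope at all).
function auditScopes(headerValue, needsPrivateRepos) {
  const granted = parseScopes(headerValue);
  const allowed = needsPrivateRepos ? ['repo', 'public_repo'] : ['public_repo'];
  const excess = granted.filter(s => !allowed.includes(s));
  const sufficient = !needsPrivateRepos || granted.includes('repo');
  return { granted, excess, sufficient };
}

// Fetch the header for a real token (network call; not run on load).
async function fetchScopeHeader(token) {
  const res = await fetch('https://api.github.com/user', {
    headers: { Authorization: `token ${token}` },
  });
  return res.headers.get('x-oauth-scopes');
}

// Constructed sample header values, as GitHub would format them.
const samples = ['repo, user', 'public_repo', ''];
for (const header of samples) {
  const { excess } = auditScopes(header, false);
  console.log(JSON.stringify(header), 'excess for public-only use:', excess);
}
```

A non-empty `excess` list is the signal to regenerate the token with fewer scopes.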