What, you don't trust me with ALL YOUR REPOS? Haha. I know, I mentioned this permissions thing in the blog post. Building it for myself, that scope is the only way I could read contributor stats for my company's private repos. Definitely don't need 90% of the other things, write access especially. Optional private repository access seems like a good solution.
That's what made me not do it. To be fair, I wrote a Github app once where I wanted read access to public and private repos, and I couldn't find anything in the Github API to give me specifically that. I had to request read+write for public+private, which is horribly permissive and gave me access to a bunch of stuff my app didn't need.
Yeah, I wish there were more fine-grained controls for permissions, i.e. just let me access meta-data like stats for repos (because that's all this app really needs).
It doesn't really need write access, but in order for it to fetch the contributor stats, I had to add the "repo" scope to the permissions. Unfortunately, I couldn't see any other way around that. See: https://developer.github.com/v3/oauth/#scopes
This kind of functionality would be cool if github adopted it in-house. Having the read/write access to all public/private repos is a bar that's a bit too high.
15 comments
[ 3.2 ms ] story [ 53.0 ms ] threadHaha, yes this is a pretty high bar of entry.
If you want to take a peek at the dashboard without having to grant GitHub access, here's a screenshot of mine: http://i.imgur.com/ufqifkp.jpg