Support for manually created GitHub fine-grained Personal Access Tokens #24
tobiasglaeser started this conversation in Ideas
I read about this tool in the Thoughtworks Tech Radar 31 and think it would perfectly augment our team's "everything is on GitHub" workflow. However, I am also hesitant about the OAuth permissions requiring very broad (write-) access due to the limitations of GitHub OAuth (as discussed already in #8 and #4).
As an alternative to standard OAuth, I'd like to propose the use of manually created GitHub fine-grained Personal Access Tokens. They allow limiting access on a per-repo basis (also supporting repos within GitHub orgs) and also provide a dedicated "Actions: Read-Only" scope (see here).
I'm not sure how much the token creation process could be automated though. For starters, I think a manual "paste your fine-grained PAT here" approach in the CCMenu settings would be a sufficient solution already for teams that have strict access constraints.