Github app vs github oauth app #34
Replies: 3 comments
-
I actually started this as a GitHub App, but realized halfway through that it would be pointless because (from what I understand):
I plan on actually using a GitHub App for the pro features, for example allowing users without a GitHub account to login with their email address (since I don't need to impersonate them), or triggering scheduled tasks. Final (important) point: I support Fine-Grained Personal Access Tokens which basically allow you to pick specific repos/orgs/permissions, even more granular than the permissions presented to you in the GitHub App flow. It seems it's not obvious to most users though, probably because it's a new-ish feature from GitHub, and it's not super intuitive. I'll probably change it for button that reads something along the lines of "I can't give you that much access" and then guide the user through the process in a modal. BTW, I explain this very point on the front-page in the FAQ:
|
Beta Was this translation helpful? Give feedback.
-
Thanks for the detailed response. I just found this repo yesterday and was able to self host it and also translate my tina cms config to the yaml , all in under an hour. So super happy with it. I also noticed in the demo that you used forestry.io in the past , so must have tried tina and i can see the reason you felt the need to write your own CMS , i was planing to do something similar in Vue myself , so very pleased to run into this project. Going back to the topic at hand, would it to be right to say you wanted to use individual OAuth tokens or personal Access token because it would be easier to implement and wouldn't require storing anything. Thank you for all your work on this project. 💯 |
Beta Was this translation helpful? Give feedback.
-
It all boils down to the need to impersonate commits so that it shows as your own commits in GitHub. This requires OAuth token no matter what. A GitHub App wouldn't allow impersonation, the commits would show in GitHub as "Pages CMS". |
Beta Was this translation helpful? Give feedback.
-
May is suggest using github app , vs github oauth app when setting up the project , so that when collaborators are added they wont have access to the entire repo.
I am sure you must have thought more about this , and the collaborators would probably just have a short lived token stored in a KV store or some other approach instead of requiring them to have a github account and giving them full access.
I am just trying to think about what could be the reason for choosing A vs B.
Great project by the way. 🚀
Beta Was this translation helpful? Give feedback.
All reactions