Could you either switch to using “Deploy Keys” or upgrade from an OAuth app to a GitHub App for the GitHub integration? I’m asking because currently, I have to grant M.B full read/write access to every public repository on my GitHub account in order for it to archive my blog.
I wish there was a way with GitHub OAuth to grant access to only a specific repository. As you noted, we do only ask for public repositories so that it’s impossible for Micro.blog to access any private data. Micro.blog will never touch any repository except the repository name that you put in your settings.
We can look at GitHub Apps in the future or other ways to lock it down more. If you want Micro.blog to be completely isolated you could create a separate GitHub account just for the blog archive, too.
For GitHub OAuth apps, yes it’s all or ń̥o҉̙̻̖̲̮͓̩̀t̵̬̳͔ḩ̡̪͇͈i̼̦̮̙͝n̸̸̲̲͍̟g͏̭͖̠̩̭. There’s an entire other category that they call GitHub Apps, which are per-repository. I’m under the impression that it’s not too difficult to convert from one to the other.
As an alternative, not using the GitHub API at all, you could use “deploy keys” which give per-repo permission and would mean you could integrate with other hosted-git services.
I’m sorry for bumping this one year old topic, but the issue seems to be still there.
I was wondering, is the possibility of using Fine Grained access tokens a viable option?
I would gladly generate a token with read/write access to my github repo with a blog, but I’m a bit hesitant of providing such access to my entire account.
Thank you for building a great product!