Request minimal github access

[mattbishop]

What problem does the feature solve?

When a user "Logs in to Github" to set a comment, they are presented with a scary access request that wants all of their data, including access to all their organizations. This is unnecessary and excessive.

Proposed solution

Is there a subset of information that can be asked for? My readers are complaining that they don't want to give me so much access just to leave a comment.

Alternative solutions

Here is the list of github scopes: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes

Additional context

[meteorlxy]

Hello, thanks for your feedback.

Vssue is always trying to get the minimal access of the platforms.

Of course we have checked the list, but we could only find public_repo that can access issues & comments. Do you have any clue on that?

Here's the related code about the scope:

vssue/packages/@vssue/api-github-v3/src/index.ts

Line 103 in 79e6db3

scope: 'public_repo',

In fact, during the development of Vssue, we found that:

• GitHub: we have to use the public_repo scope
• GitLab: we have to use the api scope: https://vssue.js.org/guide/gitlab.html#create-a-new-application
• Bitbucket: we can use minimal scope as it has fine-grained permission control: https://vssue.js.org/guide/bitbucket.html#create-a-new-oauth-consumer

[meteorlxy]

As this issue could not be solved by Vssue itself, let move to #62 to track it.