[nabeelvalley]

thanks for the details - I was looking at the fine grained token but the user would then have to provide me with the the token and then I'd have to store that on my end - since i'm trying to avoid storing any user data that doesn't really play into the structure at all

with regards to the public token thing it's a bit of the same complexity since I would need to know if the repository the user is using is public or private and then configure the OAuth scopes appropriately since I do want to have support for private repos (as that's how I use it currently)

[throwanem]

You could keep a fine-grained token in local storage, maybe. Bit of a headache for multiple device/browser use, but I guess that's the tradeoff - lose adoption to mistrust due to Github making you request overbroad permissions with a classic token, or lose adoption to friction due to Github not yet making fine-grained tokens available in their OAuth grant flow.

It might get easier once fine-grained tokens leave beta. I don't know if OAuth support is on the roadmap for that, but it seems like a natural enough fit I'd be astonished if it weren't.