In sigma/magit-gh-pulls#5 I noticed that some basic operations (listing pull-requests for a public repo) were asking for my GitHub password, when the necessary API calls don't actually require authentication. I haven't studied gh.el carefully enough yet, but I get the sense that all calls are using password/OAuth authentication, whether they really need it or not.
It'd be nice if it didn't ask for a password unless really necessary. For magit-gh-pulls, I think I should be able to list, fetch, branch, and merge, without any special GitHub credentials. (When I finally push my merged branch upstream, I'll need something, but that's the responsibility of the forked git command, nothing new.)
I don't deal with private repos very often, so I suspect I don't have as much of a need for authenticated API calls as some folks do. I imagine most checkouts are either in "every API needs authentication" mode (for private repos) or "no APIs need authentication" (for public repos, at least for some operations). I guess one option would be to try the operation without auth, and only ask for creds if it fails. Or maybe put a flag in .git/config to indicate whether the repo is private or not, and then only ask for creds if it's a private repo (or if you're hitting an API that requires auth either way, like... well, like anything with side-effects: gh-repos-star, gh-repos-fork, etc).
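The two options raised in the issue above (probe without credentials and prompt only on failure, or consult a per-repo "private" flag), sketched as an added example that is not gh.el code and not part of the original post. The `LazyAuthClient` class, the transport signature, the `fake_github` stand-in and the repository paths are all hypothetical names and constructed sample data.

```python
from typing import Callable, Optional

# Hypothetical transport: (method, path, token_or_None) -> HTTP status code.
Transport = Callable[[str, str, Optional[str]], int]

SAFE_METHODS = {"GET", "HEAD"}  # read-only calls may be tried anonymously
# GitHub answers 404 (not only 401/403) for private repos when the caller is
# anonymous, so 404 must also trigger the authenticated retry. The cost is that
# a mistyped public repo name also prompts; the per-repo flag avoids the probe.
RETRY_WITH_AUTH = {401, 403, 404}


class LazyAuthClient:
    """Asks for a credential only when a call cannot succeed without one."""

    def __init__(self, transport: Transport, ask_token: Callable[[], str],
                 repo_private: bool = False):
        self.transport = transport
        self.ask_token = ask_token        # the interactive prompt
        self.repo_private = repo_private  # e.g. a flag read from .git/config
        self._token: Optional[str] = None
        self.prompts = 0                  # how often the user was asked

    def _token_or_prompt(self) -> str:
        if self._token is None:           # cache: prompt at most once
            self.prompts += 1
            self._token = self.ask_token()
        return self._token

    def request(self, method: str, path: str) -> int:
        # Side-effecting calls and flagged-private repos skip the anonymous
        # probe entirely, so no unauthenticated request is sent for them.
        needs_auth = self.repo_private or method.upper() not in SAFE_METHODS
        if not needs_auth:
            status = self.transport(method, path, None)
            if status not in RETRY_WITH_AUTH:
                return status
        return self.transport(method, path, self._token_or_prompt())


def fake_github(method: str, path: str, token: Optional[str]) -> int:
    """Constructed stand-in for the API; statuses are simplified sample data."""
    private = path.startswith("/repos/example/private-repo")
    if token is None and private:
        return 404                        # existence of private repo is hidden
    if token is None and method != "GET":
        return 401                        # writes always need a credential
    return 200
```
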