The GitHub driver already allows for seamless connection to data sources using OAuth. When you log into the developer console and navigate to the apps page, you will find sections for GitHub Apps and personal access tokens. But can these alternatives be used instead of traditional OAuth apps to connect to GitHub?
Yes. Let’s see how each of these works.
GitHub App Authentication
Unlike OAuth apps, which can only act on behalf of a user, GitHub Apps have the flexibility to act either on behalf of a user or independently. This provides users with more control over which repositories the app can access through fine-grained permissions and short-lived tokens. Despite these differences, both OAuth Apps and GitHub Apps utilize OAuth 2.0 and are compatible with the OAuth connection properties when using the CData driver. Even GitHub Apps expose a client ID and client secret, which can be integrated using the existing OAuthClientId and OAuthClientSecret properties.
Personal Access Tokens
There are two types of personal access tokens: classic and fine-grained.
Classic Tokens: These tokens are assigned broad read and write permissions across all repositories and organizations the user can access and can be used indefinitely. For example, the repo scope grants extensive access to all data in private repositories the user can access, without an expiration date.
Fine-Grained Tokens: These tokens offer over 50 granular permissions that can be tailored to control access to GitHub’s organization, user, and repository APIs. Each permission can be set to ‘no access,’ ‘read,’ or ‘read and write.’ For instance, you can create a PAT that only allows reading issues without any other permissions, not even reading repository contents.
In summary, Tokens (classic), Fine-Grained Personal Access Tokens, and OAuth Access Tokens are categorized based on their level of access. All can be directly passed as an OAuthAccessToken to the driver, offering flexible options for connecting to GitHub.
