Vscode-gitlens: Connect to Github notification is noisy

Created on 24 Nov 2020 · 25 Comments · Source: eamodio/vscode-gitlens

I am always seeing the following notification when Settings Sync installs GitLens

image

Accounts icon already shows a number badge for this

image

So not sure if the notification is needed.

needs verification pending stable release bug


All 25 comments

Or, at least, add an option "don't show again" or something..

When are you seeing this? I would only expect it to show once, if you accept, for each machine (since I don't think we sync the auth). And once for each workspace, if you reject.

@sandy081 The reason I am showing this notification, is because without it the user just gets an allow authentication access prompt (from the built-in vscode auth) and they wouldn't know why.

Now that I checked, I think one time for each project.

@moshfeu are you rejecting? or accepting?

Rejecting 😳

Ah, so you want an always reject? Curiously, why don't you want it to connect to GitHub?

For now.. I use to reject requests until I need the feature. Nothing personal :)

No worries, just curious. And FYI, the connection provides many passive features -- GitHub avatars, richer issue linking in hovers, rich PR linking in views, hovers, and annotations.

Thanks! I really like this extension and I'll probably connect Github soon.

> Ah, so you want an always reject? Curiously, why don't you want it to connect to GitHub?

Personally, I opted out once I saw the permissions requested 🤯

I have the same question.
I just want to see blame message from git history, I don't want to see pull requests or something else.
Can you provide a global option to disable connecting to GitHub? If anyone wants to disable it, they can just opt out.

Hello, experiencing the same. I keep getting notified on each VSC start, and it's irritating.

I also find the "Cancel" option (button) confusing, but this is a general UX design problem: does it mean "confirm negative intention" (in this case, don't show warning anymore), or "close widget without applying any change" (in this case, show warning again next time)?

Use case: my usage of GitLens is very limited, as I'm a heavy terminal user; additionally, as a general systems administration practice, I don't give permissions to services I don't require. Therefore I don't benefit from authorizing a remote connection.

Yeah, I will definitely be adding a way to completely opt-out soon. Sorry for the inconvenience.

> Yeah, I will definitely be adding a way to completely opt-out soon. Sorry for the inconvenience.

Thank you for the addon, it's impressive! :smiley:

@eamodio

> The reason I am showing this notification, is because without it the user just gets an allow authentication access prompt (from the built-in vscode auth) and they wouldn't know why.

I think the auth feature of VS Code should be able to handle the UI instead of each extension coming up with its own. I would request not to do this (any custom UI or notifications for authentication); instead, please raise your concerns with the auth feature to handle your request.

@RMacfarlane FYI

It's showing every time I open a new workspace for me.

> Ah, so you want an always reject? Curiously, why don't you want it to connect to GitHub?

I'm behind a corporate proxy and we use Github Enterprise so I can't use it here.
See https://github.com/eamodio/vscode-gitlens/issues/1210

> why don't you want it to connect to GitHub?

The requested authorization is WAY too permissive

Screen Shot 2020-11-30 at 3 31 19 PM

This is much different than allowing me to initiate and control actions from my machine (via ssh keys etc). Won't this generate an authorization that can be used offline, from their servers, without additional consent/initiation?

@MaerF0x0 Unfortunately currently the VS Code authentication APIs (because of limitations with GitHub auth) don't allow for any permission scopes less permissive than what I'm currently asking for (the repo scope) -- I wish I could just ask for read-only access, but that isn't currently possible.

Can you please verify this fix in tomorrow's insiders edition? Be sure to disable/uninstall the stable version of GitLens first.

You can install the insiders edition from here.

I've reworked the notifications a bit to be clearer and added a "don't ask me again" type option. Unfortunately there still is 1 extra notification in certain cases, but that is because of https://github.com/microsoft/vscode/issues/111529. So once that gets fixed I can remove it.

@eamodio is it possible that I can generate my own token w/ pared down scopes to provide to the plugin via the settings.json?

to be honest I basically use gitlens in a read only fashion -- to see git praise, to check out branches, commit log etc.

That way it can only run from my machine too?

I believe so -- during the VS Code auth flow (when it opens the browser window), I believe there is an entry in the statusbar that you can click that will prompt for a PAT. But I don't believe you can create a PAT with any less scopes than I am currently asking for -- because repo info, prs, issues etc are all under the repo scope.

@eamodio try checking out the personal access token new page, there are lots and lots of options... I understand that vscode may not have the hooks to allow you to generate one for us, but maybe we could just generate a limited access one to use?

https://github.com/settings/tokens/new

Yes, but as I said -- the ONLY scope on that page that lets you get to repository information -- including PR & Issues -- is the repo scope -- and there is nothing more granular. If there was -- I would be asking for it -- since those are the exact same set of scopes I am choosing from.
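
For readers who want to check what a token they already hold can do, the following added example (not from the thread or from GitLens) reads the `X-OAuth-Scopes` header that GitHub's REST API returns for classic tokens and reports whether the grant includes write access. The function names and the header values are constructed for illustration.

```javascript
// Added example: audit the scopes a GitHub token carries, from the
// X-OAuth-Scopes response header. Function names are hypothetical.

// Narrower scopes that the broad `repo` scope already includes.
const REPO_SUBSCOPES = ['repo:status', 'repo_deployment', 'public_repo',
                        'repo:invite', 'security_events'];

// HTTP header names are case-insensitive, so match without regard to case.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// "repo, read:user" -> ['repo', 'read:user']; tolerates spaces, blanks, repeats.
function parseScopes(value) {
  return [...new Set(value.split(',').map(s => s.trim()).filter(Boolean))];
}

function auditToken(headers) {
  const raw = getHeader(headers, 'x-oauth-scopes');
  if (raw === undefined) {
    // No header: the grant cannot be determined this way, so do not guess.
    return { known: false, scopes: [], privateRepoWrite: false,
             publicRepoWrite: false, redundant: [] };
  }
  const scopes = parseScopes(raw);
  const hasRepo = scopes.includes('repo');
  return {
    known: true,
    scopes,
    // `repo` is read AND write on public and private repositories.
    privateRepoWrite: hasRepo,
    // `public_repo` is also read/write, limited to public repositories.
    publicRepoWrite: hasRepo || scopes.includes('public_repo'),
    // Sub-scopes listed next to `repo` add nothing and only hide its breadth.
    redundant: hasRepo ? scopes.filter(s => REPO_SUBSCOPES.includes(s)) : [],
  };
}

// Constructed sample responses (header values only).
const samples = [
  { 'X-OAuth-Scopes': 'repo, public_repo, read:user' },
  { 'x-oauth-scopes': 'public_repo,  read:org' },
  { 'x-oauth-scopes': '' },
  {},
];
for (const h of samples) console.log(JSON.stringify(auditToken(h)));
```
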

> @eamodio is it possible that I can generate my own token w/ pared down scopes to provide to the plugin via the settings.json?
>
> to be honest I basically use gitlens in a read only fashion -- to see git praise, to check out branches, commit log etc.
>
> That way it can only run from my machine too?

I raised https://github.com/eamodio/vscode-gitlens/issues/1210 for exactly this. It’s not possible for us to use the authentication feature because we’re on enterprise and VSCode takes me to GitHub. Letting me provide a token would fix this.

The VS Code team is trying to auth with GitHub using a GitHub app (rather than tokens) which should offer great granularity in permission requests, but we are currently blocked because of a bunch of technical limitations. So until those get unblocked there isn't much that can be done unfortunately :cry:

@jasonwilliams Try the steps here: https://github.com/eamodio/vscode-gitlens/issues/1208#issuecomment-739052899 but again your PAT would have to have the repo scope for things to work.
