I’m trying to upgrade an old Wordpress plugin that lists a user’s latest commits on their website. It was very straightforward with github API v2, but v3 is making it a whole lot more complex.
Feature-wise, it’s very simple: when the plugin is running, it lists the commits on the Wordpress site, and automatically refreshes its content every N minutes (configurable by the Wordpress admin). The administrator just needs to set it up once and it figures out when to re-query github to get the latest data.
But with github API v3 any request to get even public data requires the OAUTH token. After reading over their docs again and again, it appears that it can’t be automated to work the way I want.
First, I don’t want to store the user’s github password anywhere (because it would need to be encrypted two-way to be used in the API calls, which isn’t safe enough), so the basic authentication method is out. Which leaves the “Web Application Flow” example here (http://developer.github.com/v3/oauth/). But that involved redirecting the actual user to github to accept the request. This is no good either.
Am I misunderstanding anything, or is it simply not possible to re-create the plugin to work as it currently does?
Please let me know if I’m not clear on anything!