Can't opt out of giving Che OAuth access to GitHub, even for public repos

[amisevsk]

Describe the bug

Since eclipse-che/che-server#301, Che will always prompt for OAuth access and use this if granted to simplify user setup. However, Che will refuse to start workspaces from public GitHub repos unless full read/write access is granted, even for public repos. If a user doesn't want to grant this access to Che, the workspace start fails with a plaintext page that says

Authentication failed: access_denied

Che version

next (development version)

Steps to reproduce

1. Attempt to open factory url from github, e.g. https://github.com/che-samples/golang-example/tree/devfilev2

Expected behavior

If OAuth isn't granted, Che should fall back to an unauthenticated flow.

Runtime

OpenShift

Screenshots

Installation method

OperatorHub

Environment

Linux

Eclipse Che Logs

No response

Additional context

Original issue: #21346

[benoitf]

Hello, setting as P2 for now.
Note sure how to handle the bug. Because I assume #20583 means that if oAuth is there then you need to accept the privileges to continue.
The whole story is to be authenticated as soon as you're using the product using oAuth.

cc @l0rd for adjusting the priority

[l0rd]

This issue has been associated to this Dev Spaces issue but my understanding is this issue is about a Che cluster where OAuth has been configured whereas CRW-3201 is about a Dev Spaces cluster where OAuth has NOT been configured.

For this particular issue: we have sacrificed the UX for users that won't trust Che (a minority I hope) to improve the UX for users that want to git push from their workspace (the majority I hope). So all in all we have made some progress.

And yes, it would be cool to fix the problem for those that won't trust Che but:

1. the fix we should not affect the UX of those that want to git push from a workspace
2. a workaround exist: create a secret with the personal access token