Add support for passing authorization data through the studio plugin #885
Labels
scope: plugin
Relevant to the Roblox Studio plugin
size: medium
status: needs design
Needs more planning before implementation
status: on hold
This is something we're not going to do right now, but might do later.
There should be a setting for pasting in a secret key which is passed with the HTTPS request whenever the Roblox plugin sends a request to sync to the Rojo endpoint.
Example use case: I currently have my Rojo endpoint publicly exposed so that any developer on my team can open their studio and connect to the endpoint at any time to sync in changes (this works especially well if working with people who are in different time zones or are across the world). Since my endpoint is publicly exposed, I need to employ some form of authentication (to ensure my game's data isn't stolen if someone discovers the endpoint), and I currently do this in the form of remote IP verification.
However: there are more security vulnerabilities associated with this form of authentication, it's more tedious to maintain, and can be limited by location.
Instead, it would be better if the Roblox plugin allowed the developer to authorize themselves by passing in a secret key with the request (bonus points if it saves the secret key, just like how it currently saves the endpoint for quicker initialization). Even though this may be a niche use case right now, it ultimately helps open up the plugin to people (like me) who want to use Rojo with public endpoints for speedy collaboration, but are concerned with security.
The text was updated successfully, but these errors were encountered: