This repository has been archived by the owner on Apr 26, 2019. It is now read-only.

Keep github oauth tokens on the client side #40

Closed
tpatja opened this issue Mar 15, 2017 · 0 comments

tpatja commented Mar 15, 2017

User Story

As a user, I expect commiteth to respect my privacy and not store my GitHub OAuth token on the server.

Description

Type: Enhancement

Summary: There should be no need to store GitHub OAuth tokens on the server.

Solution

  • after a successful redirect to commiteth.com, pass the token to the client side and put it in localStorage on the client, avoiding the need to store the token on the server
  • each commiteth HTTP API call that uses functionality in the GitHub API requiring the user's token should be passed the token (we use SSL, so no security issue here)

tpatja added a commit that referenced this issue Mar 22, 2017

* require only user:email oauth scope when signing up
* if user wants to set bounties on repos, request additional oauth
  scopes
* do not store github access tokens on server side and use client-side
  localStorage instead

Fixes: #35
Fixes: #40
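
The flow proposed in this issue, sketched as an added example that is not part of the issue or of commiteth's code: the client keeps the token in localStorage and sends it with each API call, and the server reads it per request without persisting or logging it. The function names, the storage key, the URL-fragment hand-off, the `Authorization: Bearer` header and the token format check are all assumptions, and the token in the tests is constructed.

```javascript
// Added illustration; all names are hypothetical, not commiteth code.
const TOKEN_KEY = "github_token"; // assumed storage key

// Client: read the token from the redirect URL fragment (assumed transport),
// keep it in `storage` (window.localStorage in a browser), and return the URL
// with the token stripped so it does not stay in the address bar or history.
function storeTokenFromRedirect(redirectUrl, storage) {
  const url = new URL(redirectUrl);
  const params = new URLSearchParams(url.hash.slice(1));
  const token = params.get("token");
  if (!token) return { stored: false, cleanUrl: url.toString() };
  storage.setItem(TOKEN_KEY, token);
  params.delete("token");
  url.hash = params.toString();
  return { stored: true, cleanUrl: url.toString() };
}

// Client: build fetch() options that carry the token on each API call.
function apiRequestOptions(storage, method = "GET") {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) throw new Error("not signed in");
  return { method, headers: { Authorization: `Bearer ${token}` } };
}

// Server: take the token from the request header for this call only.
// The pattern is an assumed sanity check on length and character set.
function tokenFromRequest(headers) {
  const m = /^Bearer ([A-Za-z0-9_]{20,255})$/.exec(headers.authorization || "");
  return m ? m[1] : null;
}

// Server: redact the header before a request is logged; a token written to
// an access log is stored on the server after all.
function headersForLog(headers) {
  const copy = { ...headers };
  if (copy.authorization) copy.authorization = "[redacted]";
  return copy;
}

// Minimal in-memory stand-in for localStorage so the example runs in Node.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
  };
}
```

Anything kept in localStorage is readable by every script running on the origin, so this design relies on the page staying free of injected script.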