This app should really use OAuth for authentication, instead of using the username and password directly. I would very much prefer if the OAuth web flow were used, but the OAuth non-web flow is still better than the current situation.
Since it's built on Electron using Octokit, it should be rather trivial to do so.
This also means the app will be able to handle 2FA properly.
I agree that OAuth is definitely much better. However, currently GitHub doesn't allow CORS access to its OAuth API. Don't think having Electron and Octokit can bypass this restriction.
For reference: isaacs/github#330
CORS can be disabled in Electron. See here (search for webSecurity).
I haven't exactly thought this through, but my gut feeling tells me there aren't really major security implications in this case, since no "untrusted" code is run in the Electron browser. (Assuming you trust the thousands of dependencies brought in from npm...)
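An added example, not code from this thread or from the app: helpers for running the GitHub OAuth web flow from Electron's main process, where the token request is not a browser request and CORS does not apply, so `webSecurity` can stay at its default. `CLIENT_ID`, `REDIRECT_URI` and all function names are assumptions made for illustration.

```javascript
// Added example. CLIENT_ID and REDIRECT_URI are constructed placeholders.
const AUTHORIZE_URL = "https://github.com/login/oauth/authorize";
const TOKEN_URL = "https://github.com/login/oauth/access_token";
const CLIENT_ID = "PLACEHOLDER_CLIENT_ID";
const REDIRECT_URI = "http://127.0.0.1/oauth/callback";

// Fresh anti-CSRF value for each login attempt.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URL to load in a BrowserWindow that keeps the default webSecurity: true.
function buildAuthorizeUrl(state, scope) {
  const url = new URL(AUTHORIZE_URL);
  const params = { client_id: CLIENT_ID, redirect_uri: REDIRECT_URI, scope, state };
  url.search = new URLSearchParams(params).toString();
  return url.toString();
}

// For the login window's "will-redirect" handler: accept the code only when
// the URL is our callback and the state matches the one we generated.
function parseCallback(redirectedUrl, expectedState) {
  let url;
  try { url = new URL(redirectedUrl); } catch { return { ok: false, reason: "bad url" }; }
  const cb = new URL(REDIRECT_URI);
  if (url.origin !== cb.origin || url.pathname !== cb.pathname) {
    return { ok: false, reason: "not callback" };
  }
  if (url.searchParams.has("error")) return { ok: false, reason: "denied" };
  if (!expectedState || url.searchParams.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  const code = url.searchParams.get("code");
  return code ? { ok: true, code } : { ok: false, reason: "no code" };
}

// Code-for-token request, to be sent with fetch() from the main process, where
// CORS is not enforced. A client secret shipped in a desktop app is extractable.
function buildTokenRequest(code, clientSecret) {
  const form = { client_id: CLIENT_ID, client_secret: clientSecret, code, redirect_uri: REDIRECT_URI };
  return {
    url: TOKEN_URL,
    init: {
      method: "POST",
      headers: { Accept: "application/json", "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams(form).toString(),
    },
  };
}
```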