User Authentication #5

Open
opened 2020-02-15 12:58:54 +00:00 by jonasfranz · 2 comments
Owner

There are some open questions regarding authentication and scope.

  • Should we offer staletea only for one instance at a time?
    • Yes: Authentication can be handled via oauth2
    • No
      • Option 1: Every instance needs to be registered at the web frontend. This requires creating an oauth2 application for every instance.
      • Option 2: Every user logs in via access token and instance URL. This is not as secure as oauth2.
  • Which user should act as the staletea bot? (Write comments, add labels, etc.)
    • Option 1: The user who granted access via oauth2
    • Option 2: An instance specific super-user which has access to all repositories
    • Option 3: An instance specific user which gets access to the repositories by the user who grants access via oauth2
Author
Owner

Another idea to simplify the process:

The user adds the bot user as a collaborator to the repository they want to activate. There would be no need for a web interface or authentication.

Communication will be handled by issues or emails created by the bot in case of errors. (Any other ideas?)

Contributor

This is not a bad idea!


Reference: jonasfranz/staletea#5