You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before voting, please let me make my case here. This is not some massive feature, but it gives a large payoff for usability. In it's current state, I am not surprised if Obtainium mostly attracts people who are already familiar with GH and development, but as it gets bigger, more and more users, who you will see already, will be attracted who are unsure about that, or don't understand the personal access token, or are confused when it expires automatically.
Also, it adds quality-of-life because with oauth and an app token you can refresh the session with the stored credential token. It can automatically update the key. And it makes means less liability by setting the fine-grained permissions, rather than relying on the user to do and understand this; as well as telling them what permission does (i.e. personal access to private repos, however rare, but most don't need that).
As Obtainium gets bigger, more people will run up against this, and hit the roadblock of unauthenticated API access.
It could also be seen as a liability because users can give you (the app) access to anything through a personal access token. It's not impossible for a github api proxy to leak that, or malicious code to be injected, either before or after release; applying the scoped oauth reduces this damage possibility.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Before voting, please let me make my case here. This is not some massive feature, but it gives a large payoff for usability. In it's current state, I am not surprised if Obtainium mostly attracts people who are already familiar with GH and development, but as it gets bigger, more and more users, who you will see already, will be attracted who are unsure about that, or don't understand the personal access token, or are confused when it expires automatically.
Also, it adds quality-of-life because with oauth and an app token you can refresh the session with the stored credential token. It can automatically update the key. And it makes means less liability by setting the fine-grained permissions, rather than relying on the user to do and understand this; as well as telling them what permission does (i.e. personal access to private repos, however rare, but most don't need that).
As Obtainium gets bigger, more people will run up against this, and hit the roadblock of unauthenticated API access.
It could also be seen as a liability because users can give you (the app) access to anything through a personal access token. It's not impossible for a github api proxy to leak that, or malicious code to be injected, either before or after release; applying the scoped oauth reduces this damage possibility.
3 votes ·
Beta Was this translation helpful? Give feedback.
All reactions