Auth security and UX improvements #114

@maninak

Given that running rad auth unlocks the identity OS-wide in the most popular setups with ssh-agent, and the fact that we automatically store the user's passphrase (albeit safely in VS Code's vault), we should augment our auth flow as follows:

  • communicate to the user that we can securely store their passphrase for their convenience
    • try to also communicate the availability of a related command to de-authenticate, clearing any stored passphrase and locking ssh-agent
  • only store the user's passphrase after the user has explicitly selected to do so
  • by default don't store the passphrase permanently. Use it to perform whichever task prompted its recall and upon task completion (success or failure) erase it from memory
  • if the extension auto-unlocked the identity on initialization then it should also auto-lock (without clearing the stored passphrase) before exit
  • add a new command in the palette to authenticate any time at will.
  • the (de-)auth commands should be (un-)available according to the current auth status
  • (optional) show auth status on the UI
    • perhaps show the alias (or DID as fallback) with a radicle/person icon on the statusbar. On click it could copy the DID or have additional options like (de-)auth.
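
One possible shape for the flow requested in the issue above, as an added TypeScript example that is not the extension's own code: `SecretStore` mirrors the `get`/`store`/`delete` methods of VS Code's SecretStorage, while `Agent`, `Ask`, `AuthFlow` and `KEY` are hypothetical names introduced here.

```typescript
// Added illustration: every name below is hypothetical, not the extension's own code.
interface SecretStore { // mirrors get/store/delete of VS Code's SecretStorage
  get(key: string): Promise<string | undefined>
  store(key: string, value: string): Promise<void>
  delete(key: string): Promise<void>
}
interface Agent { // assumed wrapper around unlocking/locking the identity
  unlock(passphrase: string): Promise<void>
  lock(): Promise<void>
}
type Ask = () => Promise<{ passphrase: string; remember: boolean }>

const KEY = 'passphrase' // constructed storage key

class AuthFlow {
  private autoUnlocked = false
  private secrets: SecretStore
  private agent: Agent
  private ask: Ask
  constructor(secrets: SecretStore, agent: Agent, ask: Ask) {
    this.secrets = secrets
    this.agent = agent
    this.ask = ask
  }
  // On initialization: unlock only if the user previously opted in to storage.
  async onInit(): Promise<void> {
    const stored = await this.secrets.get(KEY)
    if (stored === undefined) return
    await this.agent.unlock(stored)
    this.autoUnlocked = true
  }
  // Palette command: the passphrase stays a local and is persisted only on opt-in.
  async authenticate(): Promise<void> {
    const { passphrase, remember } = await this.ask()
    await this.agent.unlock(passphrase)
    if (remember) await this.secrets.store(KEY, passphrase)
  }
  // Palette command: clear any stored passphrase and lock the agent.
  async deauthenticate(): Promise<void> {
    await this.secrets.delete(KEY)
    await this.agent.lock()
    this.autoUnlocked = false
  }
  // Before exit: lock again only if we unlocked on init; keep the stored passphrase.
  async onExit(): Promise<void> {
    if (this.autoUnlocked) await this.agent.lock()
  }
}
```

JavaScript strings are immutable and cannot be zeroed, so this flow limits the passphrase's lifetime by keeping it in a local variable rather than a field.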

Labels: enhancement (New feature extending the app's current capabilities)

Project status: 🆕 Backlog
