Gitpod provider credentials takeover

Man-in-the-middle attack to get credentials from git providers

Click here to create an issue in this repository: Open in Gitpod

What's the problem with that?

It exposes any user who opens a malicious repository on Gitpod.

Once this token is obtained, depending on the permission level it was configured with, it is possible to list, edit or delete any project, issue or organization.

How does this work?

Extremely simple: only a proxy that intercepts all requests and searches them for basic authentication tokens.

How to solve this?

I have two ideas:

1° Affecting the UX

Only a modal requesting authorization, or asking the user to type the git provider password.

2° Transparent

The gp credential-helper generates or fetches, via the supervisor's API, a temporary Gitpod token, and a proxy (outside the pod) translates that token into the git provider token (filtered by git agent).
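A sketch of the transparent option, added here as an illustration and not code from Gitpod or this repository: the broker lives outside the pod and is the only component holding the real provider token, the workspace only ever receives a short-lived stand-in, and the proxy swaps it back only for requests coming from the git client. Class and function names, the token shape and the scope strings are assumptions for the example.

```python
import secrets
import time

class CredentialBroker:
    """Runs outside the workspace pod and is the only component that holds the
    real git-provider tokens; the workspace only ever sees short-lived stand-ins."""

    def __init__(self, provider_tokens, ttl=300, clock=time.time):
        self._real = dict(provider_tokens)  # {"github.com": "<real token>"} (assumed shape)
        self._grants = {}                   # temp token -> (workspace, host, scopes, expiry)
        self._ttl = ttl
        self._clock = clock                 # injectable so expiry can be tested

    def issue(self, workspace, host, scopes):
        # What the credential-helper would fetch through the supervisor API.
        if host not in self._real:
            raise KeyError(f"no provider credential for {host}")
        temp = secrets.token_urlsafe(32)
        self._grants[temp] = (workspace, host, frozenset(scopes), self._clock() + self._ttl)
        return temp

    def exchange(self, temp, host, scope):
        """Return the real token only for a live grant matching host and scope."""
        grant = self._grants.get(temp)
        if grant is None:
            return None
        _, grant_host, scopes, expires_at = grant
        if self._clock() >= expires_at:
            del self._grants[temp]          # expired: forget it so it cannot be replayed
            return None
        if grant_host != host or scope not in scopes:
            return None
        return self._real[host]

def proxy_git_request(broker, headers, host, scope):
    """Proxy side (outside the pod): swap the temp token for the real one,
    but only on requests that come from the git client itself."""
    if not headers.get("User-Agent", "").startswith("git/"):
        return {"status": 403, "reason": "not a git client"}
    auth = headers.get("Authorization", "")
    temp = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    real = broker.exchange(temp, host, scope)
    if real is None:
        return {"status": 401, "reason": "invalid, expired or out-of-scope token"}
    out = dict(headers)
    out["Authorization"] = f"Bearer {real}"   # the real token never entered the pod
    return {"status": 200, "headers": out}
```

Anything intercepted inside the pod is then a temp token that is bound to one host and scope set and stops working after the TTL, instead of the provider credential itself.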
