seladb/StarTrack-js

OAuth access token

simov opened this issue · 4 comments

simov commented

Just FYI, you can use the showcase app of one of my projects - https://grant.outofindex.com/github to get an access token for GitHub. It's much safer to use an access token than your actual password.

The login process can also be automated to log in through my showcase app when the user clicks a button in your own app, and be redirected back to it. The access token will be returned in the querystring, from where you can extract it and put it in localStorage. But that would require a bit more work, I guess.

Anyway, I hope that helps, feel free to close this issue.
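The querystring hand-off described in the comment above, as an added example that is not part of the thread or of StarTrack-js: it reads the token from the redirect URL, stores it, and strips it from the address so it does not linger in browser history or referrers. The parameter name `access_token`, the storage key and the token shape check are assumptions.

```javascript
// Added example: names marked "assumed" or "hypothetical" are not from the thread.
const TOKEN_PARAM = 'access_token';           // assumed query parameter name
const STORAGE_KEY = 'github_token';           // hypothetical localStorage key
const TOKEN_SHAPE = /^[A-Za-z0-9_]{20,255}$/; // assumed sanity check, not GitHub's spec

// Pull the token out of the callback URL, store it, and return the URL
// with the token removed so it can replace the current history entry.
function consumeCallback(href, storage) {
  const url = new URL(href);
  const values = url.searchParams.getAll(TOKEN_PARAM);
  // Always scrub the parameter, even when the value is rejected below.
  url.searchParams.delete(TOKEN_PARAM);
  const cleanUrl = url.toString();

  if (values.length !== 1) {
    const reason = values.length ? 'duplicate' : 'missing';
    return { stored: false, reason, cleanUrl };
  }
  if (!TOKEN_SHAPE.test(values[0])) {
    return { stored: false, reason: 'malformed', cleanUrl };
  }
  storage.setItem(STORAGE_KEY, values[0]);
  return { stored: true, reason: null, cleanUrl };
}

// Browser wiring: run once on page load.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const result = consumeCallback(window.location.href, window.localStorage);
  // Drop the token from the address bar and history without reloading.
  window.history.replaceState(null, '', result.cleanUrl);
}

// Constructed sample input with an in-memory stand-in for localStorage.
function demo() {
  const mem = new Map();
  const storage = { setItem: (k, v) => mem.set(k, v), getItem: (k) => mem.get(k) };
  const token = 'a'.repeat(40); // constructed value, not a real token
  const ok = consumeCallback(`https://app.example/?tab=stars&${TOKEN_PARAM}=${token}`, storage);
  const bad = consumeCallback(`https://app.example/?${TOKEN_PARAM}=<script>`, storage);
  return { ok, bad, saved: storage.getItem(STORAGE_KEY) };
}
```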

Thanks for providing these details. StarTrack-js actually offers both options: either provide username + password or provide GitHub access token, so the user can choose between the two. Please take a look at this screenshot:

image

simov commented

Yes, I know. My thinking was that probably a lot of people won't have an access token, and will provide their password instead, which is the worse case. So I wanted to point out an easy way to get an access token.

Got it. That's a good idea; however, your showcase requires logging in to GitHub and giving authorization for your user to access the StarTrack user's GitHub account, which is also not that safe.

The unique thing about StarTrack-js is that everything runs on the client side, so users' credentials aren't sent anywhere (other than GitHub itself for fetching the data).

simov commented

Well, you need an OAuth app anyway. Me providing one is just a convenience, but I agree that it's also yet another third party to trust.

The problem is that GitHub supports only this type of OAuth flow that requires a server.

Also note that logging in without specifying any scopes explicitly will return a token that has read access only to what's public anyway.

I'm closing the issue; I hope it will help someone get an access token.