Skip to content
This repository has been archived by the owner on Aug 19, 2022. It is now read-only.

Use the user's default browser, not an in-app web flow, for authentication #6

Closed
paced opened this issue May 25, 2021 · 3 comments
Closed

Use the user's default browser, not an in-app web flow, for authentication #6

paced opened this issue May 25, 2021 · 3 comments
Assignees
@paced
Labels
enhancement New feature or request security This is a security issue
Milestone
v0.10.0

Comments

@paced
Copy link
Member

paced commented May 25, 2021

Please explain the problem/why you would want to see a change and any workarounds you might have in place.

Derived from this issue on the original repo. It reads:

I think it's a little bit sketchy to let a 3rd party application like this authenticate FB credentials within its own web-view. I know you guys aren't doing anything with nefarious, but it is a concern UX wise.

Also it's pretty annoying to have to fetch my credentials on FB / remember my password. Would be great if the app could open up the browser with the OAuth link and then poll the response.
@paced paced added the enhancement New feature or request label May 25, 2021
@paced paced added this to the v0.9.0 milestone May 26, 2021
@paced
Copy link
Member Author

paced commented Jul 8, 2021
edited
Loading

This is a really important feature. That being said, the upgrade to the latest Electron version is more important for usability as it immediately identified and fixed some problems people had with the previous app.

As a result, we are moving it to v0.10.0.

@paced paced modified the milestones: v0.9.0, v0.10.0 Jul 8, 2021
@paced paced added the security This is a security issue label Jul 9, 2021
paced added a commit that referenced this issue Aug 17, 2021
@paced
(fixup required) Support default browser auth (#6), allow logging out (
2c98b29 
…#59), and clean up code dramatically

The code clean-up will increase maintainability and allow an easier future transition to a TypeScript codebase
@paced
Copy link
Member Author

paced commented Aug 19, 2021

This is going well. However, the app now needs to run an Express server to listen for the auth key. Probably no big deal, but it's worth mentioning publicly.

paced added a commit that referenced this issue Sep 27, 2021
@paced
Support default browser auth (#6), allow logging out (#59), and clean…
eb6c904 
… up code dramatically
paced added a commit that referenced this issue Sep 27, 2021
@paced
Merge pull request #72 from teaminkling/reshuffle
0035c3a 
Support default browser auth (#6), allow logging out (#59), and clean…
@paced
Copy link
Member Author

paced commented Sep 27, 2021

v0.10.0 implements this.

@paced paced closed this as completed Sep 27, 2021
@paced paced self-assigned this Oct 22, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@paced paced

Labels
enhancement New feature or request security This is a security issue
Projects
No open projects
Now Playing Roadmap
Status: No status
Milestone
v0.10.0
Development

No branches or pull requests
1 participant
@paced