Is your enhancement request related to a problem? Please describe.
When using external services for export like GitHub Gist or GitLab snippets, a user has to re-enter their access token for that service each time. This requires them to store the token in a secure but accessible place like a password manager and might not seem intuitive.
Describe the solution you'd like
When initially entering a token and confirming the export, the user should be asked whether the access token may be remembered by the browser securely.
If the user accepts this, a new Credential using the API for the CredentialsContainer will be created. Upon further exports the client checks for the presence of such a stored credential.
Note that it should be made transparent to the user that the access token will only be stored in their browser and will never be transferred to the HedgeDoc server, and that HedgeDoc instance administrators therefore won't have the ability to compromise the user's account.
Describe alternatives you've considered
As storing the tokens in a less secure way (like localStorage) is not an option and they should also not be transferred to the server, there aren't any real alternatives.
Additional context
No response
Which part of the project should be enhanced?
frontend -> exports to external services
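A sketch of the flow this request describes, added here as an illustration and not taken from HedgeDoc's code base: the token is stored through `navigator.credentials.store()` only after consent and is read back on later exports. The function names and the `export:<service>` id scheme are assumptions, and because `PasswordCredential` is not available in every browser, the code feature-detects and otherwise stores nothing.

```javascript
// Added example, not HedgeDoc code. Hypothetical names: credentialApi,
// rememberToken, recallToken, and the "export:<service>" credential id scheme.

// Feature-detect; `env` is injectable so the logic can be exercised outside a browser.
function credentialApi(env = globalThis) {
  const container = env.navigator && env.navigator.credentials;
  const Ctor = env.PasswordCredential;
  return container && typeof Ctor === 'function' ? { container, Ctor } : null;
}

// Store the token only after explicit consent. Returns true if it was stored.
async function rememberToken(service, token, userConsented, env = globalThis) {
  const api = credentialApi(env);
  // No consent or no API: store nothing, and do not fall back to localStorage.
  if (!userConsented || !api) return false;
  const credential = new api.Ctor({
    id: `export:${service}`,
    name: `${service} export token`,
    password: token,
  });
  await api.container.store(credential);
  return true;
}

// Returns the remembered token for `service`, or null so the caller prompts again.
async function recallToken(service, env = globalThis) {
  const api = credentialApi(env);
  if (!api) return null;
  // 'optional' lets the browser show its own chooser when user action is needed.
  const credential = await api.container.get({ password: true, mediation: 'optional' });
  // get() cannot filter by id, so reject a credential stored for another service.
  if (!credential || credential.type !== 'password') return null;
  return credential.id === `export:${service}` ? credential.password : null;
}
```

The stored credential is scoped to the page's origin and never reaches the server, but `get()` hands the token to any script running on that origin, so this does not protect the token against script injection in the HedgeDoc frontend itself.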