Git Product home page Git Product logo

Comments (4)

sitiom avatar sitiom commented on May 23, 2024 1

The thinking behind getting a token and not using OAuth flow was that Komac is very very new in this world, and people generally don't trust giving their account access to an unknown OAuth application.

It's the same thing as giving your PAT to an unknown application. I don't see why that would be the reason.

from komac.

vedantmgoyal9 avatar vedantmgoyal9 commented on May 23, 2024

The thinking behind getting a token and not using OAuth flow was that Komac is very very new in this world, and people generally don't trust giving their account access to an unknown OAuth application. Once Komac gets popular, and normal contributors start preferring Koamc over YamlCreate and WinGet-Create, we can add it as a feature that will work side-by-side with the normal storing of a token in the Credentials store. This way, (privacy/security)-concerned people will have the option to just give a token, and also have an optional choice to use a more convenient OAuth flow. As of now, I think we should look more into testing and finding bugs in manifest creation, and this issue can be postponed for a while.

from komac.

vedantmgoyal9 avatar vedantmgoyal9 commented on May 23, 2024

OAuth application can access some of the private information, which is not possible by just using a PAT.

from komac.

russellbanks avatar russellbanks commented on May 23, 2024

I could do but as @vedantmgoyal2009 said, my concern is I'm not a big corporation like Microsoft so it's difficult to people to trust a GitHub app from a sole developer. I could always add this as an option, but this would be something I'd look into in the future.

from komac.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.