I attempted to post this in the git channel, but there's not much action over there, so apologies for the double post. Here's my question.

I developed an app that's meant to integrate with GitHub, in the repo scope. Everything is set up just fine - I have HTTP Only, Same Site, Secure cookies storing the user's OAuth access token on a Node server and I can hit the API.

Nobody likes giving full public/private repo scope to a random third party app, and I don't blame them. However, there's no way to limit OAuth to a single repo, and the GitHub App doesn't really fit my use case of each user logging in individually and accessing their GitHub data.

So what I'd like to do is use deploy keys, but I don't understand how I could utilize them for the purpose of authenticating. Right now, I have one hosted app, and each user can securely log in and work with their data through the app. I'd like the user to have to create a private repo, set up deploy keys for that repo, and the server uses SSH to communicate instead of the API. I don't think it's possible, since I don't want a bunch of private keys on a Node server that belong to different users.

Would anyone be able to shed some light on a possible alternative? Or would making the app be a self-hosted app and you set up your own deploy key be a good option? I just don't quite understand how I could utilize the single-repo access with deploy keys in my system or a similar system.
Submitted May 05, 2020 at 05:05PM by floppydiskette