0x5bfa / FluentHub

A stylish yet powerful GitHub client for Windows
MIT License
1.08k stars 52 forks

Improve security of the authorization phase #186

Closed Lamparter closed 2 years ago

Lamparter commented 2 years ago

Before you start...

What version of Windows is this issue present?

Windows 11

What version/architecture of FluentHub are you on?

DEBUG x64

Description

I have an interesting theory: Why don't we use the GH developer app for FH like we used to on the store and delete AppCredentials.config so we can have a universal API key? This would remove the unnecessary method of the user creating an app and creating and entering the details in AppCredentials.config. I would wish to try this, though it may cause security vulnerabilities that I have overlooked.

Steps To Reproduce

No response

Expected behavior

No response

Relevant Assets

No response

Lamparter commented 2 years ago

@onein528 what do you think?

0x5bfa commented 2 years ago

What's the GitHub Developer App? Are you going to say "GitHub Apps"?

Lamparter commented 2 years ago

yes

0x5bfa commented 2 years ago

I don't know how to create that. If we use that, we don't need to create AppCredentials.config?

Lamparter commented 2 years ago

I'll just test on a new PR with head branch GU12

Lamparter commented 2 years ago

@onein528 Can you tell me the client secret and client ID for the FluentHub OAuth app? I'll need it to create this PR.

0x5bfa commented 2 years ago

I am now in school.

0x5bfa commented 2 years ago

@DeveloperWOW64 Can you try this?

Just checking. You wanna use GitHub Apps, not OAuth? And it can be useful?

Lamparter commented 2 years ago

> @DeveloperWOW64 Can you try this?
>
> Just checking. You wanna use GitHub Apps, not OAuth? And it can be useful?

Sort of, yes. I will make GU13.

0x5bfa commented 2 years ago

But please do not create GU13 until GU12 has been merged, so as not to make conflicts.

Lamparter commented 2 years ago

> But please do not create GU13 until GU12 has been merged, so as not to make conflicts.

Okay.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.