Closed michael-strelnikov-wdc closed 11 months ago
The PAT is stored in local storage of the browser. It is only sent to GitHub server, and is no way connected to server of Le Git Graph. . PAT is stored as string, with no encryption, because any encryption would be pointless as the decryption code would also have to be included in the extension itself, as PAT is to be sent as is to the Github API. . And about how secure it is to give full access to repositories... as long as the user's system/browser are not vulnerable in some way, and GitHub OAuth is secure enough, it would be secure. There are no other parties involved in PAT based auth.
I'm wondering where and how the PAT is stored. How secure it is to give full access all repositories?