Closed Overdrivr closed 8 years ago
Initially, I thought that persisting either token could be ok for functionnality and to identify a user. However, reading through github services documentation and especially how to use the server to act on behalf of a user to list all of the user's repos shows that you need to store the OAuth token sent by github, and use it as authentication mechanism.
So, to make it short. We are for now generating an accessToken with loopback. Instead, we need to use the one provided by github.
Initially, I thought that persisting either token could be ok for functionnality and to identify a user. However, reading through github services documentation and especially how to use the server to act on behalf of a user to list all of the user's repos shows that you need to store the OAuth token sent by github, and use it as authentication mechanism.
So, to make it short. We are for now generating an accessToken with loopback. Instead, we need to use the one provided by github.