Closed davidbenhaim closed 1 year ago
Great question! We currently only allow log in with Google to log in to autotab itself, but plan to build login with email/password and other third party options.
ah thanks. Ok. It was very unclear why I was being asked to sign in to google. The autotab website, readme, and code in this repo don't mention logging in to autotab or why it is required? My first take on why was that the code logged me in to google was as a demo for the tool not for auth for autotab. Its unclear what autotab actually is.
Wdyt, does this help clarify? https://github.com/Planetary-Computers/autotab-starter/pull/9. Anything you would add?
autotab is for turning your browser actions into Selenium code!
@jonasalexander its a start but honestly you're asking new customers to take a (somewhat) big leap here. I understand the desire to reduce friction in sign up but also my google account is a big deal to me and I have very little information about autotab to trust you and your website is extremely sparse on information about who you are. Literally anyone can write "backed by yc" on their website. Nothing actually links autotab to YC. You're not mentioned on their website. Not that YC is a stamp of security approval...
The idea that I should feel comfortable putting my google credentials in a yml file on disk that 3rd party code then reads and then auto-login to your service for me is honestly a deal breaker. I like the idea for this product which is why I'm giving you feedback. I read through the code in this repo and nothing looks sketchy but your chrome extension is minified / uglified so I actually have no idea what its doing with my credentials that are being passed around. This is just not how auth is done.
Why not have me oauth from autotab.com and generate an api key that I can then enter into the chrome extension?
Slightly more work but like I don't have to trust you with my credentials.
Thanks for the feedback, I appreciate it!
It is confusing - for the record I am part of YC (the last batch, summer 23 - was previously working on ZTool and haven't updated it yet but you can see my face here https://www.ycombinator.com/companies/ztool).
The only place we use the credentials during autotab record
is here: https://github.com/Planetary-Computers/autotab-starter/blob/main/src/utils/open_plugin.py. You can either just comment that function out or set record_mode=False
in get_driver
in record.py
(here: https://github.com/Planetary-Computers/autotab-starter/blob/b56108e9f174e647678cc39ffb6e018862412e91/src/record.py#L8). Then you can use.example.autotab.yaml
as your .autotab.yaml
and you're ready to go, 0 credentials shared. You will have to manually open the extension in the Selenium-controlled browser and you will still need sign in to autotab with Google but no credentials are shared, you're just through the standard Google auth flow.
All that said I agree that an API key would be smoother! Definitely a thing I'd like to build soon
@davidbenhaim You can now go to https://www.autotab.com/dashboard, get your API key and then just set the autotab_api_key
in your .autotab.yaml file locally! No more Google credentials within 100 feet of autotab. :)
thanks @jonasalexander I will re-try with these changes.
unclear from website or repo why the extension requires google login?