search

ScratchAddons / ScratchAddons

All-in-one browser extension for Scratch.
https://scratchaddons.com
GNU General Public License v3.0
716 stars 367 forks source link

Built-in authentication system for third-party integrations #5212

Open lisa-wolfgang opened 2 years ago

lisa-wolfgang commented 2 years ago

Why this would be helpful/solve a problem

Part of the issue with having third-party integrations (such as ocular) as addons is that they aren't immediately useful once enabled. The user has to figure out how to create an account with that service, which often involves the headache of verifying Scratch account ownership.

What this change does

My proposed solution is an addon API that would allow users to register and authenticate with third-party services with their Scratch credentials "automatically" -- obviously, user input would be required before credentials are processed or sent anywhere.

There are two ways to approach this:

  1. We create a protocol and require interested third-party services (such as ocular) to implement the protocol before an addon integration PR is accepted.
  2. We require potential PR authors to work with existing protocols used by third-party services, possibly all different in terms of implementation, security level, sensitive information transmitted, etc.

A combination of the two approaches will likely be used, as some services may no longer be actively maintained, or their owners may not be interested in putting in extra work for a Scratch Addons integration.

apple502j commented 2 years ago

See https://github.com/ScratchAddons/ScratchAddons/pull/3962#issuecomment-1009271700

Are there services other than Ocular that need this? I don't think so.

CST1229 commented 2 years ago

See #3962 (comment)

Are there services other than Ocular that need this? I don't think so.

Other than ocular, sites like Itinerary, Aviate, Magnifier and Scratch Tutorials also use Scratch Auth, which might also be able to benefit from an addon that adds automatic-one-click auth in some way.

BroJac5246 commented 2 years ago

See #3962 (comment)

Are there services other than Ocular that need this? I don't think so.

Other than ocular, sites like Itinerary, Aviate, Magnifier and Scratch Tutorials also use Scratch Auth, which might also be able to benefit from an addon that adds automatic-one-click auth in some way.

The Daily Gobo also uses it.

CST1229 commented 2 years ago

The Daily Gobo also uses it.

I know (and also Appel Level Database, which I wrote nearly all of the code for)

Weredime commented 2 years ago

cc @Looky1173, you may be able to help us integrate this into scratch auth?

Looky1173 commented 2 years ago

Would this require changes on Scratch Auth's side as well? How would this ideally work?

WorldLanguages commented 2 years ago

I'm skeptical about implementing something like this. This suggestion will need to get more concrete and specific so that we can discuss whether to consider it.

RIMOPA commented 1 year ago

How would we use credentials without saving them? Would we ask the user and keep them saved?

BroJac5246 commented 1 year ago

How would we use credentials without saving them? Would we ask the user and keep them saved?

Scratch Auth uses cloud variables or comments (the user gets to pick), so that could be automated.

If we need to directly take the credentials for some reason, they could likely be retrieved from Scratch's cookies.