search

blinkk / amagaki

A high-performance TypeScript static website generator for building highly-interactive websites. Localization inbuilt. Flexible URLs. Content managed and templates separated.
https://amagaki.dev
MIT License
36 stars 1 forks source link

OAuth permissions request flows #35

Open stevenle opened 3 years ago

stevenle commented 3 years ago

At some point, Amagaki will probably require some sort of Google Sheets (or other Google APIs) access, and I want to propose from the start that ama should request the minimum amount of permissions necessary to do a particular task.

So if a user runs what is similar to grow preprocess -p my-google-sheet for example, then a readonly access token should be requested. But if at some point in the future user runs something like grow translations upload (where translations are stored in a Google Sheet), then ama should then request readwrite access. Ama will need a permissions system to handle this case.

jeremydw commented 3 years ago

Getting this working with the following scenarios:

Amagaki supports server middleware so planning to experiment implementing this as a server middleware plugin, so other plugins that need access to Google stuff can just fetch the auth from this plugin.