hypertrons / hypertrons-crx

A browser extension for insights into GitHub, Gitee projects and developers.
https://hypercrx.cn
Apache License 2.0
357 stars 102 forks

feat: optimize github/gitee token process #919

Closed frank-zsy closed 1 week ago

frank-zsy commented 2 weeks ago

Details

This PR will optimize the GitHub token retrieval process. Originally, we required users to generate the token manually and set it in the HyperCRX settings; this is not friendly enough for some users, especially non-tech users.

Now, we are using the HyperCRX GitHub OAuth App to do this: the user only needs to click the button and HyperCRX will redirect to the GitHub OAuth page for the user to authorize the HyperCRX App to get a personal token automatically. Although this requires an OAuth server to get the token and get it back to users, the process is much easier for users.

frank-zsy commented 2 weeks ago

Currently, we only have a very basic version which will log the information to the console, but all is good now.

@wangyantong2000 Could you keep working on this PR and make it available for production?

frank-zsy commented 2 weeks ago

I also added the Gitee token process. Gitee is a little bit different from GitHub: the GitHub OAuth App will return a permanent token without an expiry date (maybe, as far as I know).

But Gitee will return an object with token, expire_in and refresh_token; if the token is expired, we can directly refresh the token with refresh_token from HyperCRX without auth or connecting to the server.

The doc is here: https://gitee.com/api/v5/oauth_doc#/

wangyantong2000 commented 2 weeks ago

The current issues with running this part locally are as follows.

Moreover, in the Edge browser, chrome.identity seems to be ineffective, and Edge may not have this API, which is null.

wangyantong2000 commented 2 weeks ago

Sorry, after updating the Edge browser, chrome.identity is also valid.

frank-zsy commented 2 weeks ago

The redirect_uri should be fixed for the OAuth App, so I changed the procedure: the OAuth App will redirect directly to the server side, and the server will get the token and redirect to the extension so the extension can get the token from the URL.
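
The hand-off described in the comment above, where the extension reads the token from the redirect URL, sketched as an added example (not part of the original comment and not HyperCRX code). The parameter names `token` and `state`, the fragment transport and the `state` nonce check are assumptions; in an extension the expected base would come from `chrome.identity.getRedirectURL()`.

```javascript
// Added example, not HyperCRX code. "token"/"state" parameter names and the
// fragment transport are assumptions; the thread only says the token is in the URL.

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Parse the final redirect URL handed back to the extension and return the token,
// or throw if the URL is not the answer to the flow this extension started.
function extractTokenFromRedirect(finalUrl, expectedRedirectBase, expectedState) {
  const url = new URL(finalUrl);
  const base = new URL(expectedRedirectBase);

  // Accept only the extension's own redirect origin, over HTTPS.
  if (url.protocol !== 'https:' || url.origin !== base.origin) {
    throw new Error('unexpected redirect origin');
  }
  if (!url.pathname.startsWith(base.pathname)) {
    throw new Error('unexpected redirect path');
  }

  // Prefer the fragment (it is not sent to servers or in Referer headers);
  // fall back to the query string if the server used that instead.
  const params = new URLSearchParams(url.hash ? url.hash.slice(1) : url.search);

  // The state value must equal the nonce generated before the flow started,
  // so a redirect the user did not initiate cannot bind someone else's token.
  const state = params.get('state') || '';
  if (!expectedState || !constantTimeEqual(state, expectedState)) {
    throw new Error('state mismatch');
  }

  const error = params.get('error');
  if (error) throw new Error('authorization failed: ' + error);

  // Reject empty values and anything outside a conservative token alphabet.
  const token = params.get('token');
  if (!token || !/^[A-Za-z0-9_\-.]+$/.test(token)) {
    throw new Error('missing or malformed token');
  }
  return token;
}
```

After extraction, the token should go straight into extension storage rather than being logged, since the redirect URL itself already carries it in clear text.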

frank-zsy commented 2 weeks ago

@wangyantong2000 I think I've finished all the functionality of the new token retrieval procedure. You can test it in your local env and report any bugs you find, and feel free to optimize the code as you like.

And the PR will not be ready until hypercrx.cn domain is valid.

frank-zsy commented 2 weeks ago

@Xsy41 Could you also test this functionality?

Xsy41 commented 2 weeks ago

Good work! I think it's a great feature.

Xsy41 commented 2 weeks ago

Whether user consent is required for each binding? There is no problem in the implementation of the function.

frank-zsy commented 2 weeks ago

Whether user consent is required for each binding?

No, the authorization action will only be required the first time. Actually this action means the user authorizes the HyperCRX OAuth App to access his account. So if the user finishes the authorization the first time, he will not need to consent again, even on a different device. So after you unbind the account, re-binding the account is totally automated and there will not be a pop-up page.

However, there will be a pop-up page in the following situations:

Except for the above situations, if users stay logged in on GitHub/Gitee, the bind action will be fully automated after the first time.

Xsy41 commented 2 weeks ago

This setup sounds user-friendly, especially with automated re-binding in most cases. Thanks for your thorough response!

frank-zsy commented 1 week ago

The hypercrx.cn domain is ready and the online URL has already been changed; this PR is ready for merge now. @wangyantong2000

wangyantong2000 commented 1 week ago

OK

wangyantong2000 commented 1 week ago

@Xsy41 After the refactoring work on the options page is merged, you can update and modify the comments on the token related part of the FastPR process in 911 again~