newroco / rocket_integration

Nextcloud app that integrates Rocket chat
GNU Affero General Public License v3.0

RocketChat personal access token #3

Open pierreozoux opened 4 years ago

pierreozoux commented 4 years ago

Hi,

Thanks a lot for starting the dev of this :) This is really nice!

I just installed, and it is a really good starter.

I have one question: why, as an admin, do I have to use a personal access token, as each user will connect with their own credentials? Can't the admin also log in with their own credentials? Or do you need to do some API calls that require this admin cred?

Also, in terms of security, is this token stored in the database? Can a user access it? I know it is 0.1 alpha version, but still curious :)

Thanks!

orzuionut commented 4 years ago

Hi, indeed we need the admin credentials to make API calls to Rocket Chat. Yeah, the token is stored in the Nextcloud database, so anyone who has access to that database also has access to that token. We will look into that in the future to improve it.

pierreozoux commented 4 years ago

It has to be stored somewhere, and there is a need for that. Is it possible to use a scoped token instead of an admin one?