Closed christhomas closed 5 years ago
Turns out that I'm going to need to do this a lot sooner than I expected, because of the api rate limits are so low that even with some basic testing, you soon run into them.
I'll split this into two tasks cause then I can work on github first without worrying about this task needing to also take care of gitlab. But perhaps it'll be the same work ultimately?
The endpoints to add/remove the tokens generated are ready, the tables are ready and the relationships are returning the user object with the right access tokens in a new position in the return data from the login/check endpoints.
This should be enough to add to the requests that go through github
I was thinking today about how to auth against GitHub. The problem is that composer, for example, doesn't support the right type of auth that GitHub needs, it only supports really basic auth types (if I'm wrong please let me know!)
So what I thought was, you could obtain an access token from GitHub and then register this token with a user in the auth service, giving it a username and password.
So the username and password can be given from composer over it's supported auth type, this auth will "unlock" access to the GitHub token stored in the user which is then used to do the second level login and then everything is transparent from there.
This might need that we proxy requests for each file through the repo service which then uses the token transparently cause composer couldn't connect directly to GitHub since it wouldn't have the token.
Does anybody know composer better than I do to know that there is an easier way to do this?