Open wsmorgan opened 8 years ago
Actually it looks like Google Drive has a client-side OAuth 2 setup as well that we can use. So should we just force everyone to use Google Drive for now?
Rats! I don't see how Google would get away from that (unless it works only for Chrome using Google services, in which case the user can be signed into Chrome globally and thus have established credentials)...
Suppose we got a domain name (we can get one for free for a year with GitHub Student; after that it's like $7/year, which I could easily handle). We could host the static HTML pages on AWS and have an SSL address through them. Then we don't have to worry about the server-side code (e.g. Django, PHP, or whatever), we could still use JS, but we would solve this problem for any OAuth workflow we may need to use later.
What disadvantages do we have with doing that? I doubt our HTML page would exceed the AWS free tier for the first while.
Perhaps having a localhost web server is the right thing to do after all? @andrewhuynguyen, you seemed the most hesitant about having the local web server, can you chime in?
I was hoping that Dropbox would work. I agree that we could host the HTML pages on AWS (or maybe Google Sites: free, but there are some limitations). We should explore that before the localhost web server.
I am not against the idea of a localhost web server. If there are no other choices, then maybe we should go with having a local web server. I was thinking about accessing the database since I have two Macs (one for work and one at home). If the database was in Dropbox or Google Drive, then I could access the notebook from either Mac, but it seems to be more difficult than I thought it would be. Maybe we should worry about this later.
You could still use your Dropbox with a local server; you would just need to configure the settings on each of the separate machines to have the local server point to your Dropbox. The syncing would be handled automatically between them.
Recently we discussed having acorn save all the `*.json` files that are created to Dropbox so that we could keep track of updates and search files easily. My efforts today have revealed a problem with this approach, though. It seems that in order to access Dropbox, the authentication request has to be made through an https server so that the returned token isn't compromised. Here again we hit the problem of having to run a server. The issues involved were discussed extremely well in these two threads:
https://www.dropboxforum.com/hc/en-us/community/posts/205933403-Safely-expose-credentials-to-JavaScript-client-
http://stackoverflow.com/questions/23697712/accessing-files-on-dropbox-with-client-side-javascript-from-http-only
I'm starting to look into the Google Drive API to see if we can get around this issue by using Google Drive instead of Dropbox, but it uses similar OAuth 2 protocols so I might hit a similar roadblock.
The question becomes: is there a client-side way of getting the OAuth 2 authentication? Or are we going to be forced to go to a server?
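Added example, not part of the original thread or of acorn's code: a client-side sketch of the redirect handling the thread is circling around, in which the token comes back in the URL fragment of the redirect page. The endpoint, client id, redirect URIs, state value and token are constructed placeholders, and the "HTTPS, or plain HTTP on loopback only" policy is an assumption about what the provider accepts.

```javascript
// Added example: every URL, client id and token below is a constructed placeholder.
const LOOPBACK_HOSTS = new Set(["localhost", "127.0.0.1"]);

// Assumed policy: accept HTTPS anywhere, plain HTTP only on a loopback host,
// where the redirect carrying the token never leaves the machine.
function isSafeRedirect(uri) {
  let u;
  try { u = new URL(uri); } catch (e) { return false; }
  if (u.protocol === "https:") return true;
  return u.protocol === "http:" && LOOPBACK_HOSTS.has(u.hostname);
}

// Build the browser redirect for a token-in-fragment (implicit-style) request.
// Refuses to start a flow whose token would come back over cleartext HTTP.
function buildAuthorizeUrl(authEndpoint, clientId, redirectUri, state) {
  if (!isSafeRedirect(redirectUri)) {
    throw new Error("redirect_uri must be https or loopback: " + redirectUri);
  }
  const u = new URL(authEndpoint);
  u.search = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    state: state, // random per-request value, checked again on return
  }).toString();
  return u.toString();
}

// Run on the redirect page: pull the token out of the fragment, but only if the
// page origin is safe and the state matches the one this client sent.
function parseTokenFragment(returnUrl, expectedState) {
  if (!isSafeRedirect(returnUrl)) throw new Error("token returned to insecure origin");
  const params = new URLSearchParams(new URL(returnUrl).hash.slice(1));
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  return token;
}

// Constructed walk-through: a local web server on loopback passes the check.
const demoUrl = buildAuthorizeUrl("https://auth.example/oauth2/authorize",
  "constructed-client-id", "http://localhost:8000/callback", "s1");
console.log(demoUrl);
```

In a browser, `parseTokenFragment(window.location.href, savedState)` would run on the redirect page, with `savedState` kept in `sessionStorage` between the two steps.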