Open rufuspollock opened 10 years ago
Is it possible to provide both login methods? It is not a good security practice to give your login info to a 3rd party website, and it's not practical for the user to check that the credentials are only being stored locally. If both login methods are provided, then the user can decide which option is secure enough.
We currently use Github OAuth which is nice but a bit of a PITA for a pure HTML / JS app (cf #154).
We could store login credentials in a cookie and use that.