Fix: change the login flow to an OAuth2 PKCE flow #15

Merged
merged 5 commits into from Apr 19, 2020

TrueBrain

This avoids other websites being able to steal API tokens and
modify any content on the API, without the user knowing.

If people want to register their application, they can make a
pull-request. This follows OAuth2 design, although we don't have
a dynamic portal to register your app, but it needs to be done
via a pull-request.

@frosch123 frosch123 left a comment

LGTM, but the bots are not happy.

@TrueBrain TrueBrain merged commit 9ee4665 into OpenTTD:master Apr 19, 2020
@TrueBrain TrueBrain deleted the oauth_flow branch April 19, 2020 20:36
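
An added sketch of the server side of an OAuth2 PKCE exchange (RFC 7636, S256) with a static client registry, showing why a site that obtains an authorization code still cannot redeem it for a token. It is not code from this pull request; the client id, redirect URI and function names are assumptions made for the example.

```python
import base64
import hashlib
import secrets

# Hypothetical static registry (constructed values): client_id -> redirect_uri.
# A fixed registry like this is what "register via pull-request" implies.
CLIENTS = {"example-cli": "http://localhost:3977/"}

_pending = {}  # authorization code -> (client_id, redirect_uri, code_challenge)


def s256(code_verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) with padding stripped."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def authorize(client_id, redirect_uri, code_challenge, code_challenge_method):
    """Authorization step: issue a one-time code bound to the challenge."""
    if CLIENTS.get(client_id) != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    if code_challenge_method != "S256" or not code_challenge:
        raise ValueError("PKCE with S256 is required")
    code = secrets.token_urlsafe(32)
    _pending[code] = (client_id, redirect_uri, code_challenge)
    return code


def exchange(client_id, redirect_uri, code, code_verifier):
    """Token step: release a token only to the holder of the verifier."""
    entry = _pending.pop(code, None)  # single use, consumed even on failure
    if entry is None:
        raise ValueError("invalid or already used code")
    bound_client, bound_uri, challenge = entry
    if (client_id, redirect_uri) != (bound_client, bound_uri):
        raise ValueError("client mismatch")
    # Constant-time comparison of the recomputed challenge with the stored one.
    if not secrets.compare_digest(s256(code_verifier), challenge):
        raise ValueError("code_verifier does not match code_challenge")
    return secrets.token_urlsafe(32)  # opaque bearer token
```

The verifier never leaves the legitimate client until the token request, so a code intercepted in a redirect is useless on its own, and a failed attempt burns the code.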