Store user-provided access tokens in CredentialsContainer
ErikMichelson opened this issue
Which part of the project should be enhanced?
frontend -> exports to external services
Is your enhancement request related to a problem? Please describe.
When using external services for export like GitHub Gist or GitLab snippets, a user has to re-enter their access token for that service each time. This requires them to store the token in a secure but accessible place like a password-manager and might not seem intuitive.
Describe the solution you'd like
When initially entering a token and confirming the export, the user should be asked whether the access token may be remembered by the browser securely.
If the user accepts this, a new Credential using the API for the CredentialsContainer will be created. Upon further exports the client checks for the presence of such a stored credential.
Note that it should be made transparent to the user that the access token will only be stored in their browser and never be transferred to the HedgeDoc server, and in addition that HedgeDoc instance administrators therefore won't have the ability to compromise the user's account.
Describe alternatives you've considered
As storing the tokens in a less-secure way (like localStorage) is no option and it should also not be transferred to the server, there aren't any real alternatives.
Additional context
No response
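
The flow requested in this issue, sketched with the browser's Credential Management API as an added example; it is not code from the issue or from HedgeDoc. The `export-token:` id prefix, the function names and the `env` parameter (which lets the functions run against a stand-in outside a browser) are assumptions made for illustration.

```javascript
// Added example. The id prefix and function names are hypothetical, not HedgeDoc code.
const ID_PREFIX = 'export-token:';

// Build the PasswordCredential init data for one export service (e.g. 'github-gist').
function tokenCredentialData(service, token) {
  if (!/^[a-z0-9-]+$/.test(service)) throw new TypeError('invalid service name');
  if (typeof token !== 'string' || token.length === 0) throw new TypeError('empty token');
  return { id: ID_PREFIX + service, name: `Access token for ${service}`, password: token };
}

// PasswordCredential is not implemented in every browser, so detect it first.
function canRememberTokens(env = globalThis) {
  return typeof env.PasswordCredential === 'function' &&
    typeof env.navigator?.credentials?.store === 'function';
}

// Call only after the user agreed to let the browser remember the token.
// The token goes to the browser's credential store, never into a request.
async function rememberToken(service, token, env = globalThis) {
  if (!canRememberTokens(env)) return false;
  const credential = new env.PasswordCredential(tokenCredentialData(service, token));
  await env.navigator.credentials.store(credential);
  return true;
}

// Returns the stored token for this service, or null so the UI falls back
// to asking the user for the token as it does today.
async function recallToken(service, env = globalThis) {
  if (!canRememberTokens(env)) return null;
  const credential = await env.navigator.credentials.get({ password: true, mediation: 'optional' });
  // The user may pick a credential saved for another service, so check the id.
  if (!credential || credential.type !== 'password') return null;
  return credential.id === ID_PREFIX + service ? credential.password : null;
}
```

Where `canRememberTokens()` returns false, the export dialog keeps prompting for the token on every export rather than falling back to localStorage.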