Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to authenticate with bitbucket #27

Open
glenbot opened this issue Mar 21, 2012 · 7 comments
Open

Add support to authenticate with bitbucket #27

glenbot opened this issue Mar 21, 2012 · 7 comments
Assignees
@durden
Labels
Enhancement

Comments

@glenbot
Copy link
Member

glenbot commented Mar 21, 2012

pretty obvious
@ghost ghost assigned durden Mar 21, 2012
@durden
Copy link
Member

durden commented Mar 22, 2012

I'm in the process of working on this. The Oauth support on bitbucket is in beta so I had to request for token/keys manually from them. They have provided them, but I'm running into some weird authentication issue just testing things out from the CLI. I've got a support request in with them now.

Also, they support basic auth. We could use this, but I'd prefer to use OAuth so we don't ever actually have user's passwords. I don't like when sites do that because no way to know what they are doing with your password.

@glenbot
Copy link
Member Author

glenbot commented Mar 22, 2012

Agreed. OAuth is the way to go.

@durden
Copy link
Member

durden commented Mar 25, 2012

Ok, I've gotten enough information from Bitbucket's really lame documentation and e-mailing their support to get this working. I've successfully authenticated my Bitbucket account from the cli with a little python script. I'm going to take some time to integrate this into the actual application and separate out the github oauth too.

I started thinking more about the details after the oauth today. What are we going to do with duplicate names across github and bitbucket? I mean bitbucket user glenbot could techincally be a different github glenbot user, etc. We need to store somewhere what service their authenticated with. We will also need to figure out a good way to distinguish these users in the url scheme, etc. I'm not really sure what to do about all of this because now a name isn't necessarily unique.

Thoughts?

@glenbot
Copy link
Member Author

glenbot commented Mar 25, 2012

oh yeah. Good call on the name. ... eek, im not sure. My guess ... we check for the username and only allow one or the other. The meta data we store changes too.

@durden
Copy link
Member

durden commented Mar 25, 2012

Yea need to think about this a lot more. I don't really like only allowing one or the other because it might be two completely different users. So, someone wouldn't be able to use codrspace haut because of a name. However, the code might be super complicated to allow both..to be continued

@glenbot
Copy link
Member Author

glenbot commented Mar 25, 2012

If we were to allow self registration without github or bitbucket, we would have to check if the name is taken as well. It's an issue of data integrity. Like most websites, if your username is taken, tough luck.

@durden
Copy link
Member

durden commented Mar 25, 2012

Yea, that's a good point. The problem with our scenario is that we don't do our own auth so if someone's name is taken then in order to use codrspace they have to open another account with someone else. Not really a good solution probably.

So maybe your right, the best thing to do is say that name is taken. Also, we'll need to change the meta information to see which service they use, etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@durden durden

Labels
Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@durden @glenbot