Comments (4)
SPGo 1.3.1 has been released to the VSCode Marketplace, you can now persist credentials by setting the following property: "storeCredentials" : true
in spgo.json.
@koltyakov - CPass was easy to integrate, thanks!
from spgo.
Hi @sg-chrishasz,
We use cpass
a lot within generator-app
, node-sp-auth-config
, and some other related projects.
The reasons behind cpass
initial creation were:
- Exclude situations with clear text secrets showing up (while presenting code and occasional misconfiguration of .gitignore/.npmignore)
- Make it simple and cross-platform (without OS-specific overheads)
- Provide a security over obscurity using unique "machine id" based encoding
I can't see any drawbacks really. Yet, the creds prompt system should be aware of some nuances. I.e. if a hashed string is happened to be decoded on the other machine than where it was encoded, it ends up with the same hashed string (it just can't be encoded anywhere else original machine); wherefore creds prompt system should understand that it does not own the secret and asks for it to be entered by a user. Otherwise, lots of issues can appear from the folks who are used to deal with sources stored in cloud file storages (Google Drive, OneDrive, etc.) and getting 401 error.
In the generator, for example, all the private files are ignored by git and never belong to commits. So it the same project is cloned and different machines there are different versions of private files and there are no situations when wrong creds are used, at least such situations are rarely met.
I personally would be happy if SPGo uses cpass!
from spgo.
@koltyakov that sounds good. Thank you for confirming cpass functionality!
I'll plan to write the hashed user data to local temp, and not the user's roaming profile to prevent the machine<->machine issues, and gracefully fall back to deleting and recapturing a user's credentials should authentication fail.
from spgo.
Hello @forket
I have thought about implementing this feature in the past, but I have not found a solution I am happy with from a usability and, most importantly, a security standpoint. There are a couple different positions to consider:
- How to provide this in a cross-platform way. OSX uses the Keychain, Windows uses identity manager, etc. The VSTS plugin ships with a windows .exe to manage windows identity, and that seems like a heavy solution.
- I don't want to have passwords in clear-text in the config file, as that can be checked in to git or similar.
At one point, VSCode had an experimental api for managing credentials, but I do not think it was ever fully productized.
One option I could think of is using something like cpass to hash your usename and password to a text file in temp storage (/tmp OSX+Linux, /ApplicationData in Windows). I could then expose a property in the SPGo.json file like this: {"storeCredentials" : true}
and use it as a flag to check for the hash.
What do you think of this solution?
@koltyakov do you see any drawbacks in this approach or the use of cpass?
from spgo.
Related Issues (20)
- V1.7.1 'Publish Local Workspace' now not working. V1.7.0 still works HOT 9
- SPGo On-prem auth issues
- spgo NTLM invalid user credentials HOT 3
- Spgo with Webpack
- Bug: Always publishing minor HOT 3
- Configure Workspace not working on MAC OS BigSUR HOT 3
- Populate/Login throws Cannot read property 'length' of undefined
- Addin only authentication prompts for username and password instead of client ID and Secret
- Same code on multiple site collections (different environments of the same solution)
- Support mono repo
- SPGO not opening Site Assets on SP On-Prem HOT 3
- Unable to authenticate using app password HOT 2
- Extension issue
- Unable to find and download the SPGo (Visual Code extension). File cannot be found. I probably do not have the proper syntax to download the file. The file will be use to install it in Visual Code that lives in a computer that is not connect to the Internet. https://marketplace.visualstudio.com/items?itemName=SiteGo.spgo
- Incorrect Username or Password
- No termina de publicar major version
- SPGo Project Status?? HOT 2
- `Cannot read properties of undefined (reading '0')` HOT 1
- SPGO not connecting the sharepoint online even after following all the steps HOT 1
- No active workspace selected
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spgo.