While poking around the admin panel for git.snowdrift.coop's githost
account, I found that I can enable GitHub OAuth.

I've already turned it on as an experiment. Should we leave it on?

Pros: 

- New devs, who probably already have GitHub accounts, can easily
  create an account on git.snowdrift.coop. Less friction.

Cons:

- GitHub knows when these people sign in to git.snowdrift.coop.

- OAuth login is not compatible with two-factor auth.

I think the pros outweigh the cons. Creating an account is the "hard"
part... enabling passphrase login and two-factor auth can be done
later.

I have put a message listing the cons on the login page. You can see
it quickly by viewing https://git.snowdrift.coop/users/sign_in in a
private/incognito window.

Any thoughts or feedback?

P.S. Amusingly, we can also use git.snowdrift.coop *as an OAuth
provider*, if we wanted to use it to log in to other sites...

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Discuss mailing list
Discuss@lists.snowdrift.coop
https://lists.snowdrift.coop/mailman/listinfo/discuss

Reply via email to