While poking around the admin panel for git.snowdrift.coop's githost account, I found that I can enable GitHub OAuth.
I've already turned it on as an experiment. Should we leave it on? Pros: - New devs, who probably already have GitHub accounts, can easily create an account on git.snowdrift.coop. Less friction. Cons: - GitHub knows when these people sign in to git.snowdrift.coop. - OAuth login is not compatible with two-factor auth. I think the pros outweigh the cons. Creating an account is the "hard" part... enabling passphrase login and two-factor auth can be done later. I have put a message listing the cons on the login page. You can see it quickly by viewing https://git.snowdrift.coop/users/sign_in in a private/incognito window. Any thoughts or feedback? P.S. Amusingly, we can also use git.snowdrift.coop *as an OAuth provider*, if we wanted to use it to log in to other sites...
signature.asc
Description: Digital signature
_______________________________________________ Discuss mailing list Discuss@lists.snowdrift.coop https://lists.snowdrift.coop/mailman/listinfo/discuss
