Authenticate users before filing a report #32

Open
paddycarver opened this issue Feb 9, 2019 · 0 comments

@paddycarver
Contributor

We'd really like to have the ability to have some form of authentication on the /report endpoint. Ideally this would verify that users are part of our organization before we accept data from them.

One way we could achieve this is by using something like an HMAC, and distributing the key as part of the payload that's pushed to Chrome by the administrator. That's a quick fix solution, and we'd be happy to help submit a PR for it. Unfortunately, it would also only offer some protection. A single passphrase, etc. etc.

Another way we could achieve this is by using Google Sign-In or the OAuth package to handle OAuth requests from the Chrome extension. The Chrome extension, in turn, could use the identity API to retrieve an auth token to make requests with. This is a much more secure approach, but also offers many more ways to break. We'd also be happy to help with a PR to accomplish this.

Is there any interest in pursuing either of these strategies, or some third option?
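
A sketch of the HMAC option discussed in the issue, as an added example that is not code from this project or from the issue author: the extension signs each report with the administrator-distributed key, and the server checks the MAC before accepting the data. The message layout (`timestamp.body`), the function names and the 5-minute replay window are assumptions of this sketch.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # assumed replay window for this sketch


def sign_report(key: bytes, body: bytes, timestamp: int) -> str:
    """Extension side: MAC over the timestamp and the exact request body."""
    msg = str(timestamp).encode("ascii") + b"." + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_report(key: bytes, body: bytes, timestamp: Optional[str],
                  signature: Optional[str], now: Optional[float] = None) -> bool:
    """Server side: accept a /report body only if MAC and timestamp check out."""
    if not isinstance(signature, str):
        return False  # signature missing from the request
    try:
        ts = int(timestamp)
    except (TypeError, ValueError):
        return False
    now = time.time() if now is None else now
    # Bound replay of a captured request to a short window.
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False
    expected = sign_report(key, body, ts)
    # Constant-time comparison, so timing does not reveal how much matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo() -> dict:
    # Constructed sample values; the key is a placeholder, not a real secret.
    key = b"constructed-demo-key"
    body = b'{"url": "https://login.example.test/", "note": "constructed"}'
    now = 1_700_000_000
    sig = sign_report(key, body, now)
    return {
        "valid": verify_report(key, body, str(now), sig, now=now),
        "tampered_body": verify_report(key, body + b" ", str(now), sig, now=now),
        "wrong_key": verify_report(key, body, str(now), sign_report(b"other", body, now), now=now),
        "replayed_late": verify_report(key, body, str(now), sig, now=now + 3600),
        "missing_signature": verify_report(key, body, str(now), None, now=now),
    }


if __name__ == "__main__":
    print(demo())
```

Because every install shares one key, a valid MAC shows only that the sender holds the organization's key, not which user sent the report.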
