Skip to content
This repository has been archived by the owner on Jun 26, 2022. It is now read-only.

Issue with using githubAuth and firebase #74

Open
geekodour opened this issue Jul 28, 2017 · 0 comments
Open

Issue with using githubAuth and firebase #74

geekodour opened this issue Jul 28, 2017 · 0 comments
Labels
help wanted question

Comments

@geekodour
Copy link
Owner

Here I was trying to add a feature to comment on the issue directly from the blog page, this works but has few security concerns as follows:

In _config.yml you see the following:

# recommended that you DON'T set anything to firebase right now, this is unstable
# disabling firebase also means you should set `isGithubAuth` to false.
# If you still want to test it(it works), then use your firebase credentials
firebaseConfig:
    apiKey: AIzaSyAZSJ1d1Sr9MnTK-__3D8SrwXjjQf6EML4
    authDomain: myblog-2b0ba.firebaseapp.com
    projectId: myblog-2b0ba

This is because of two reasons:

  • When using the JavaScript SDK, Firebase api keys have to be public. I don't know how safe is that.
  • Even if you use firebase(it works nicely) but the github scope that is required to comment on github issue is repo which grants private repo read/write access. I don't want this scope, I just want something with which I can comment on other github issues, but there is no other scope that enables that.

So these are the security issues with that. Let me know if you have any suggestion/solution.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@geekodour