fghx icon indicating copy to clipboard operation
fghx copied to clipboard

Published 20 hours ago verified publisher icon follow-github-organisation

Cannot validate github access token

Open owen800q opened this issue 4 years ago • 11 comments

The newly generated token cannot be validate correctly

image

owen800q avatar Sep 06 '19 03:09 owen800q

Hi @owen800q,

Thanks for reporting this, can you please try generating a new token and checking if that works?

Just want to ensure if this is a proper issue, if it's, you will get a supporter license 🔑 for 🆓.

pravj avatar Sep 06 '19 13:09 pravj

@pravj After regenerating a new token for testing ,still not working.. Peek 2019-09-06 23-45

owen800q avatar Sep 06 '19 15:09 owen800q

same problem here.

virgulvirgul avatar Oct 24 '19 16:10 virgulvirgul

Same problem here. After I input the token, and click the save button, it gives no response than loading. I will try to learn the code to see what's going on.

In the console of Chrome Extension, it said

settings.js:259 click on form submit
settings.js:133 add user token
api.followgithub.org/v1/user/token:1 Failed to load resource: the server responded with a status of 500 ()

I guess it might be a server-issue behind the extension service.

ax4 avatar Dec 22 '19 00:12 ax4

I couldn't manage the expenses for running the server, and hence the extension is not working. I'm thinking of asking users to contribute (Paypal), not sure if people will be willing to pay.

What do you think? @ax4 @virgulvirgul @halhenke @owen800q

pravj avatar Jan 17 '20 05:01 pravj

@pravj I can donate a cheap VM on digitalocean. BTW, Can't the api server be deployed to heroku?

owen800q avatar Jan 17 '20 06:01 owen800q

I couldn't manage the expenses for running the server, and hence the extension is not working. I'm thinking of asking users to contribute (Paypal), not sure if people will be willing to pay.

What do you think? @ax4 @virgulvirgul @halhenke @owen800q

It seems the extension is still serverless, it will be okay?

ksboy avatar Apr 21 '20 12:04 ksboy

I couldn't manage the expenses for running the server, and hence the extension is not working. I'm thinking of asking users to contribute (Paypal), not sure if people will be willing to pay.

What do you think? @ax4 @virgulvirgul @halhenke @owen800q

Why does this need a server? What is its purpose? Can't the server component be removed from the picture?

Also: what data is being stored on that server? Is there user-identifiable data on there? If so, are you complying with the GDPR? It appears not, since this is the first I hear of a server being necessary for this to work.

jrial avatar Jun 04 '20 08:06 jrial

Hi @jrial ! Good challenge!

But I would suggest not throwing questions looking negative to a currently unsolved problem. YES, there's so much cool stuff going on with GDPR, but the reality is that not all of the developers have the way to add GDPR complying with their project. Adding a burden to a project is not how open source software made magically.

(the current stage of this project's development is temporarily inactive and the infrequent issue comments / none-pr-s can prove this. GDPR alone won't solve the coding problem, or won’t automatically generate the fixing source code for a project).

Instead of complaining, I would suggest forking the source code of this project, and then make its backend code developed and open-sourced. Like any other project, it could be engineered into a self-hosted instance. Or if anyone has magical engineering, it could be an extension standalone using the 'backend page' to arrive at the purpose.

Once the improvement is done by fork folks, they can make pull requests to improve this project.

Sincerely I am writing replies back to this repo because I believe the lacking of server-side code can be fixed. It just needs some more code to solve the problem.

ax4 avatar Jun 05 '20 13:06 ax4

I don't necessarily mind that there's a server involved. However, "I am just a humble open source developer" does not exempt you from the law. It doesn't change the fact that your only options to comply with said law are:

  1. don't store personally identifyable data
  2. store the bare minimum of personally identifiable data necessary for you to deliver your service (e.g. to keep track of paid subscriptions), and disclose this to the users
  3. store the bare minimum necessary for you to deliver your service, inform the users of this, and obtain their express consent for whatever you wish to store on top of that.

The GDPR is not a burden to the FOSS developer; the GDPR is in line with the values most of us hold dear.

That said, I guess the server is probably only used for some processing, which can perfectly be done client side as well. However, without a reply from the dev (or a look under the hood by someone who understands whatever language browser plugins are written in [EDIT] Javascript, apparently), it's all speculation.

jrial avatar Jun 10 '20 07:06 jrial

Some further digging shows that your personal access token is sent to the server. Whether it's stored, or just used as data in transit, is unclear since the server code is not open source and can not be inspected.

jrial avatar Jun 10 '20 08:06 jrial