gitify icon indicating copy to clipboard operation
gitify copied to clipboard

Published 20 hours ago verified publisher icon gitify-app

How do you create a clientid/secret for Enterprise?

Open ayoung opened this issue 7 years ago • 8 comments
trafficstars

I'm having a hard time finding out where to create the ID and secret for Gitify. All the oauth supports require a URL with a webhook or callback.

ayoung avatar Dec 21 '17 21:12 ayoung

+1 for this, some documentation would be very helpful.

stephancom avatar Jan 24 '18 17:01 stephancom

You can find it in GHE (v2.11) in SettingsOAuth ApplicationsDeveloper Applications. Leaving the callback URL blank seems to work fine.

adamu avatar Feb 09 '18 07:02 adamu

If you don't specify the callback url, it takes it from the home page url, which is a required field.

Why is requiring OAuth credentials is necessary at all? I was under impression that features available through the regular API (which only requires to generate a token) are the same as for OAuth apps.

netvl avatar Mar 29 '18 19:03 netvl

I'm also puzzled by this... What are the urls to specify?

tiii avatar Apr 23 '18 10:04 tiii

I got it to work by just specifying https://www.gitify.io/. After entering that as both the application URL and callback URL I was given the client id and secret, pasted those into gitify, and was then prompted by gitify to login to my enterprise account.

bmeeder22 avatar Jul 11 '19 14:07 bmeeder22

Is there a reason Gitify can't use a Personal Access Token instead? It seems overkill to create an OAuth app just for myself to get a token.

lilyball avatar Jul 16 '20 21:07 lilyball

Looks like it's not just overkill; Gitify is showing the OAuth login dialog itself rather than deferring to the browser. This is really concerning because it defeats the whole point of OAuth; Gitify is in a position to intercept my username and password. Using the browser would require having a callback URL that actually went back to the app, but that's certainly possible on macOS and I would sure hope it's possible on Windows and Linux too.

Or just use a Personal Access Token and bypass all of this. PATs are used the same way that OAuth tokens are.

lilyball avatar Jul 16 '20 21:07 lilyball

Actually this issue affects regular GitHub too; I hadn't tried it before, but it's doing the same in-app browser window for login there, which means it's in a position to steal my GitHub username/password.

lilyball avatar Jul 16 '20 21:07 lilyball

Personal access tokens are supported now, so this is maybe completed? I've also started work on moving OAuth to happen in a normal browser. See https://github.com/gitify-app/gitify/pull/654. Help is very welcomed.

There's several other issues about the OAuth login process linked in that PR, so closing this one as completed/duplicate.

Let me know if I'm missing a detail.

bmulholland avatar Oct 04 '23 09:10 bmulholland