Simon Li

Any there any potential security issues with passing through arbitrary parameters unchecked to the oauth provider?

@kreuzert I think it's fine to force push to this branch.

Is this still an issue for you?

https://tools.ietf.org/html/rfc6749#section-2.3.1 > Clients in possession of a client password MAY use the HTTP Basic authentication scheme as defined in [RFC2617] to authenticate with the authorization server. The client identifier is...

Have you tried setting `c.GlobusOAuthenticator.username_from_email = True`? https://oauthenticator.readthedocs.io/en/latest/api/gen/oauthenticator.globus.html#oauthenticator.globus.GlobusOAuthenticator.username_from_email

Is this something you're interested in working on? Could it be done at a more generic level?

Another idea: use a browser's [`LocalStorage`](https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API/Using_the_Web_Storage_API). One downside is that it's at the domain scope not the notebook / URL scope, so need to be careful about automatically restoring state....

Maybe this should be split into two topics: - what should be stored e.g. all of home, just the state of all notebooks, only files which are managed by the...

Quick proof-of-concept (tested on Firefox): 1. Load a repository in binder, open a notebook, make some changes, save it. 2. Open your browser's JavaScript console for that page 3. Paste...

> Is this the moment where we make a new issue for "Browser based storage of notebooks Sounds good to me! > In order to offer the user a "want...