SublimeJira icon indicating copy to clipboard operation
SublimeJira copied to clipboard

Published 20 hours ago verified publisher icon mix86

alternative to plaintext password

Open BJam opened this issue 10 years ago • 9 comments

I was curious if there is an alternative to plaintext passwords in Sublime settings. Possibly supporting OSX keychain or some such.

Stackoverlfow post: http://stackoverflow.com/questions/22818017/is-there-a-way-to-use-sublimetext-jira-package-user-setting-securely-using-login

Python keychain manager: https://pypi.python.org/pypi/keychain_manager

BJam avatar Apr 03 '14 20:04 BJam

A password prompt upon first command run would also be great.

ptrm avatar May 06 '14 09:05 ptrm

Jirash solves this by reading a config file in user's home directory i.e: ~/.jirash.json. But this is still stored in plain. As far as I know there's no "single" built-in cross-platform password store... many services rely on plain text passwords stored in config files ...

Though there is keyring

asfaltboy avatar Jun 10 '15 11:06 asfaltboy

What about OAuth?

https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication

I'd like to use this, but I'm not in love with putting any plaintext passwords anywhere.

benmosher avatar Oct 06 '15 16:10 benmosher

+1

I will not use this package until it removes the requirement of plaintext passwords.

I wouldn't mind if it just loaded Jira in my browser and didn't attempt to log me in. Cookies are a wonderful thing. If I need to log in manually, I'd rather do that than store a plaintext password in some random ST package.

dgirgenti avatar Mar 08 '16 15:03 dgirgenti

+1 on above

Would love to use this.

manikrathee avatar Apr 04 '16 18:04 manikrathee

I took a look around. I think the API client for this could pretty easily take an OAuth token, but it looks like someone would need to register an OAuth app key with Atlassian.

benmosher avatar Apr 04 '16 19:04 benmosher

I believe a token can be obtained as part of JIRA’s OAuth dance.

But, before it can be obtained, a consumer-key/public-key pair must be generated by an admin.

To configure/obtain a consumer key pair, ask you JIRA administrator to follow the following guide: https://confluence.atlassian.com/display/JIRA042/Configuring+OAuth+Consumer+Information+for+JIRA https://confluence.atlassian.com/display/JIRA042/Configuring+OAuth+Consumer+Information+for+JIRA

Later, when consumer/server relation is established, a token can requested: https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication https://developer.atlassian.com/jiradev/jira-apis/jira-rest-apis/jira-rest-api-tutorials/jira-rest-api-example-oauth-authentication

If we implement this, we should mention the requirement to obtain a consumer key pair as above.

On 4 Apr 2016, at 9:01 PM, Ben Mosher [email protected] wrote:

I took a look around. I think the API client for this could pretty easily take an OAuth token, but it looks like someone would need to register an OAuth app key with Atlassian.

— You are receiving this because you commented. Reply to this email directly or view it on GitHub https://github.com/mix86/SublimeJira/issues/9#issuecomment-205449145

asfaltboy avatar Apr 05 '16 05:04 asfaltboy

Not sure if there are additional implications, but it would be considering self-hosted environments too.

dacook avatar May 30 '17 04:05 dacook

This is a must for many of us accessing Jira through single sign-on technologies like Google, Okta, etc.

emilio-rti avatar May 26 '23 08:05 emilio-rti