ash icon indicating copy to clipboard operation
ash copied to clipboard

Published 20 hours ago verified publisher icon seletskiy

OAuth tokens for Stash REST API

Open dreamer-dead opened this issue 9 years ago • 3 comments

Is it possible to use tokens instead of plain text login with ash? According to docs at https://answers.atlassian.com/questions/208694/stash-rest-api-authentication there is a way to do it.

dreamer-dead avatar Sep 23 '15 15:09 dreamer-dead

@dreamer-dead: at the present date --- no. Do you see a security concern in it? If your Stash instance is served via HTTP, it's already insecure (due to WEB logins), so it's not the big matter that ash is authenticating via Basic Auth. Serving via HTTPS should solve that issue.

seletskiy avatar Sep 24 '15 06:09 seletskiy

Storing login in plain text config file isn't a good idea for me. Corporate login often used to authorise user for many services and it will look like as a security breach. So it will be a nice feature for ash to use tokens, IMHO. Please, consider it as a feature request =)

dreamer-dead avatar Sep 24 '15 17:09 dreamer-dead

@dreamer-dead: It'll going to be certanly not easy to implement (alternative is an OAuth, which should be somehow implemented in console app). I'm afraid, that physical access to work machine reveals a whooping lot more dangerous possibilities.

I'm not ready to digging into that functionality right now, but if you're willing to help, I'll glad to see pull request with proof-of-concept.

seletskiy avatar Sep 24 '15 17:09 seletskiy