GitHub API: using ‘repo’ scope, but still can’t see private repos

From testing: GETing /users/someusername/repos doesn’t show private repos (even if it’s the user whose OAuth access token you’re using). GETing /user/repos shows private repos. This isn’t documented in the GitHub API docs at present; I just found out via testing. Thanks to @ivanzuzak for suggesting to look at the endpoint.

Should clients get OAuth 2 access tokens using GET or POST?

The most common argument is that you should not put sensitive information in a query string (GET parameter) as Web servers typically log the HTTP request URL. POST data can be arbitrarily long, so is not usually logged. Therefore when you’re dealing with something like client_secret or code (although it’s one time use), it makes …
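The logging argument made in the answer above, shown concretely. This is an added example, not code from the answer or from any OAuth library: it builds the same authorization-code exchange twice, once with everything in the query string and once the way RFC 6749 specifies it (form-encoded body, client credentials in an HTTP Basic Authorization header), and then renders what a Common Log Format access log would keep of each request. The token endpoint, client id, client secret and authorization code are made-up values.

```python
"""Why the OAuth 2 token exchange is a POST: the same authorization code
sent two ways, and what a Common Log Format access log keeps of each.

Added example, not code from the original answer. The endpoint URL,
client id/secret and authorization code below are constructed values."""
import base64
from urllib.parse import urlencode, urlsplit

TOKEN_URL = "https://auth.example.com/oauth/token"   # assumed endpoint
CLIENT_ID = "my-client"                               # constructed value
CLIENT_SECRET = "s3cr3t-not-for-logs"                 # constructed value
AUTH_CODE = "SplxlOBeZQQYbYS6WxSbIA"                  # constructed value


def token_request_get():
    """The risky variant: code and client_secret travel in the query string."""
    params = {"grant_type": "authorization_code", "code": AUTH_CODE,
              "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET}
    return {"method": "GET", "target": TOKEN_URL + "?" + urlencode(params),
            "headers": {}, "body": ""}


def token_request_post():
    """RFC 6749 style: the code goes in a form-encoded body and the client
    credentials in HTTP Basic (section 2.3.1); the request line carries
    nothing sensitive."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": AUTH_CODE})
    return {"method": "POST", "target": TOKEN_URL,
            "headers": {"Authorization": "Basic " + basic,
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": body}


def common_log_line(req, status=200, size=512):
    """What a typical web server writes for the request: the request line
    (method, path and query string) is logged; headers and body are not."""
    parts = urlsplit(req["target"])
    path = parts.path + ("?" + parts.query if parts.query else "")
    return (f'127.0.0.1 - - [01/Jan/2024:00:00:00 +0000] '
            f'"{req["method"]} {path} HTTP/1.1" {status} {size}')


def leaked_secrets(log_line):
    """Names of the sensitive values that can be read back out of a log line."""
    return [name for name, value in (("code", AUTH_CODE),
                                     ("client_secret", CLIENT_SECRET))
            if value in log_line]


if __name__ == "__main__":
    for req in (token_request_get(), token_request_post()):
        line = common_log_line(req)
        print(line)
        print("  leaks:", leaked_secrets(line) or "nothing")
```

Run it and the GET line shows both the one-time code and the long-lived client secret in plain text in the access log, while the POST line shows only the path. Note that the POST variant only moves the secret out of the URL; the body and Authorization header are still readable on the wire unless the request goes over TLS.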

Best practices for SessionId/Authentication Token generation

UUID generation is random, but random with bad entropy means that you will end up with easy to guess UUIDs. If you use a good random number generator, you can generate UUIDs that can be used for sessions. The catch to this, however, is that UUIDs don’t have built-in replay prevention, tampering, fixation, etc., you …
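An added example (not code from the answer above) of the two halves of that advice: first, a version-4 UUID drawn from a seeded PRNG to show that "well-formed" is not "unguessable", then an opaque identifier from the OS CSPRNG with the server-side bookkeeping a bare UUID lacks, namely expiry, idle timeout, revocation and id rotation at login so a session fixation attack fails. The lifetimes, the store layout and the `predictable_uuid4` helper are illustrative choices, not anything from the answer.

```python
"""Session identifier generation and the housekeeping a bare UUID lacks.

Added example, not code from the original answer. The store, its
timeouts and the predictable_uuid4 helper are illustrative choices."""
import random
import secrets
import time
import uuid

SESSION_ID_BYTES = 32          # 256 bits of CSPRNG output
ABSOLUTE_LIFETIME = 8 * 3600   # seconds; assumed policy
IDLE_TIMEOUT = 30 * 60         # seconds; assumed policy


def predictable_uuid4(seed):
    """A version-4 UUID drawn from a seeded PRNG: well-formed, but anyone
    who can guess the seed (say, a timestamp) regenerates it exactly.
    This is the 'bad entropy' failure mode, not something to use."""
    rng = random.Random(seed)
    return uuid.UUID(int=rng.getrandbits(128), version=4)


def new_session_id():
    """Opaque identifier from the OS CSPRNG; unguessable and carries no data."""
    return secrets.token_urlsafe(SESSION_ID_BYTES)


class SessionStore:
    """Server-side sessions keyed by id. The id is only a lookup handle;
    user identity, creation time and last-seen time stay on the server,
    so the client has nothing it can tamper with."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for testing
        self._sessions = {}

    def create(self, user):
        now = self._clock()
        sid = new_session_id()
        self._sessions[sid] = {"user": user, "created": now, "seen": now}
        return sid

    def lookup(self, sid):
        """Return the session's user, or None if unknown, expired or idle."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        now = self._clock()
        if now - s["created"] > ABSOLUTE_LIFETIME or now - s["seen"] > IDLE_TIMEOUT:
            self.revoke(sid)
            return None
        s["seen"] = now
        return s["user"]

    def rotate(self, old_sid):
        """Issue a fresh id for an existing session and retire the old one.
        Do this at login and privilege changes so an id planted in the
        browser before authentication (session fixation) becomes worthless."""
        s = self._sessions.pop(old_sid, None)
        if s is None:
            return None
        new_sid = new_session_id()
        self._sessions[new_sid] = s
        return new_sid

    def login(self, anonymous_sid, user):
        """Bind a user to the session and rotate the id in the same step."""
        new_sid = self.rotate(anonymous_sid) or self.create(None)
        s = self._sessions[new_sid]
        s["user"], s["created"] = user, self._clock()
        return new_sid

    def revoke(self, sid):
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    print("seeded uuid4, twice:", predictable_uuid4(1700000000),
          predictable_uuid4(1700000000))
    store = SessionStore()
    planted = store.create(None)             # pre-login id an attacker could know
    sid = store.login(planted, "alice")      # login rotates it
    print("planted id still valid?", store.lookup(planted) is not None)
    print("rotated id resolves to:", store.lookup(sid))
```

Replay is the one item in the answer's list this does not address: an id stolen from a live session is valid until it expires or is revoked, which is why the idle timeout is short and why transport must be TLS.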

In what ways is an SSH Key different from tokens for git authentication?

From the blog post you linked, I can see at least one benefit of tokens over SSH keys: while tokens and SSH keys both share the Unique, Revocable, and Random benefits quoted in the blog post below, tokens are also Limited in comparison to SSH keys in that they come with their own scoped permissions …

How can I keep my Heroku application private?

My cheap solution has been implementing a before_filter to request HTTP authentication before every action is executed. This solution works well alongside other authentication layers (Devise or others).

    USERS = { "user" => "secret" }

    before_filter :authenticate

    def authenticate
      authenticate_or_request_with_http_digest("Application") do |name|
        USERS[name]
      end
    end

Whenever other peers land at yourdomain.heroku.com, they are …
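The same idea as the before_filter above, written as an added example (not code from the answer) in the form of a WSGI middleware, so it gates every request to whatever app it wraps rather than each controller action. It uses HTTP Basic instead of Digest, which is only acceptable because the app is reached over TLS; the user table, realm and the tiny `call` test client are made up for the example.

```python
"""An HTTP Basic gate in front of a whole application, the same idea as
the Rails before_filter above but as a WSGI middleware so it wraps any
app. Added example, not code from the original answer; the user table,
realm and the call() helper are constructed for illustration."""
import base64
import hmac

USERS = {"user": "secret"}   # constructed credentials; load from config in practice
REALM = "Application"


def _credentials(environ):
    """Parse 'Authorization: Basic <base64>' into (name, password), or None."""
    header = environ.get("HTTP_AUTHORIZATION", "")
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    name, sep, password = decoded.partition(":")   # password may itself contain ':'
    return (name, password) if sep else None


def _authorized(creds):
    """Constant-time password check. An unknown user still goes through the
    comparison so response timing does not reveal which names exist."""
    if creds is None:
        return False
    name, password = creds
    expected = USERS.get(name, "")
    return hmac.compare_digest(password.encode(), expected.encode()) and name in USERS


def require_basic_auth(app):
    """Wrap a WSGI app so every request must carry valid credentials."""
    def gate(environ, start_response):
        if _authorized(_credentials(environ)):
            return app(environ, start_response)
        start_response("401 Unauthorized",
                       [("WWW-Authenticate", f'Basic realm="{REALM}", charset="UTF-8"'),
                        ("Content-Type", "text/plain")])
        return [b"Authentication required\n"]
    return gate


def hello_app(environ, start_response):
    """Stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


protected = require_basic_auth(hello_app)


def basic_header(name, password):
    """Build the Authorization header a browser would send."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()


def call(app, environ):
    """Minimal in-process WSGI client: returns (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    print(call(protected, {}))
    print(call(protected, {"HTTP_AUTHORIZATION": basic_header("user", "secret")}))
    print(call(protected, {"HTTP_AUTHORIZATION": basic_header("user", "wrong")}))
```

`protected` can be handed to any WSGI server (gunicorn, waitress, wsgiref) in place of the app itself. As with the Rails version, this is a coarse gate: it keeps strangers out, it does not replace per-user authorization inside the app.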

How to use Windows Active Directory Authentication and Identity Based Claims?

Just hit AD with the username and password instead of authenticating against your DB:

    // POST: /Account/Login
    [HttpPost]
    [AllowAnonymous]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
    {
        if (ModelState.IsValid)
        {
            var user = await UserManager.FindByNameAsync(model.UserName);
            if (user != null && AuthenticateAD(model.UserName, model.Password))
            {
                await SignInAsync(user, model.RememberMe);
                return RedirectToLocal(returnUrl);
            }
            else
            {
                ModelState.AddModelError("", "Invalid username …

Docker: What is the simplest way to secure a private registry?

I’m still learning how to run and use Docker, so consider this an idea:

    # Run the registry on the server, allow only localhost connections
    docker run -p 127.0.0.1:5000:5000 registry

    # On the client, set up SSH tunnelling
    ssh -N -L 5000:localhost:5000 user@server

The registry is then accessible at localhost:5000; authentication is done through SSH, that you …

Error!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)