Ask HN: GitHub login for B2D service?
I have been working on a B2D service. Right now my only login method is GitHub. I thought it made sense, since most seem to be using GitHub for their projects. It will use GitHub as a way to help add services to your development projects.
I wanted to know if this a bad way to go? Should I allow a native login? Various login types?
Thank you for your time and feedback on this issue.
4 comments
[ 4.4 ms ] story [ 27.0 ms ] threadWhat stack are you developing in? Maybe there's a solution like https://github.com/intridea/omniauth available that you could utilize if applicable.
Hope that's helpful and good luck :)
You're completely correct in that asking for unnecessary permissions is gauche, but with Github specifically, they make it nearly impossible to be a responsible custodian. It's quite bothersome, and to the extent that I've written an application that I think could have a moderate revenue stream if I released to the world, but I only use it for myself exclusively because I am that uncomfortable asking for write permissions on private repos that I don't need or want.
If an attacker could gain write access to a customer's private repositories though, I feel like that would make an otherwise unattractive service far more of a target.
You're dead on though -- I've wanted to use Github oAuth for at least five different dev-oriented projects, but their permission system just makes it impossible.