by dullcrisp
4277 days ago
I don't really doubt you or your intentions, but I guess I might just not understand how authentication works for something like this. When I try to sign in with Google Drive, it tells me that PigShell (developer email: xxxx@gmail.com) would like access to my Google Drive, as well as my photos and videos. Does that give your API key access to my account, or does only code that I run that's hosted on pigshell.com have access? What do the permissions get tied to? And how would it work if I were to host it locally?

Only the code you run that's hosted on pigshell.com has access. The permissions are tied to the app-id which is embedded in the code. The access token is persisted in your browser either as a cookie or explicitly in localStorage.
We don't and won't support OAuth 1 (Twitter, Flickr, etc.), which lacks a pure client-side flow, just to avoid the issue of users having to trust the pigshell.com server to generate (and not leak or misuse) the access tokens.
Here is a rough guide to local setup:
- Check out the git sources, run "make" (some more details here, but reading the Makefile should help)
- Set up Apache to serve the virtual host pigshell.com (if you want to use Dropbox, you need to create a self-signed SSL certificate and set up https as well)
- Modify /etc/hosts and set 127.0.0.1 to point to pigshell.com
This way, static assets as well as redirect URLs from the OAuth2 server will hit your local server rather than pigshell.com.
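
The client-side flow described in the reply above, sketched as an added example that is not part of the thread or of pigshell's code. It assumes the OAuth 2 implicit grant (`response_type=token`); the provider endpoint, client id, callback path and token value are constructed placeholders.

```javascript
// Added illustration; every endpoint, id and path here is a constructed placeholder.
const AUTH_ENDPOINT = "https://auth.example/oauth2/authorize";   // hypothetical provider
const CLIENT_ID = "APP-ID-PLACEHOLDER";                          // the app-id embedded in the page's code
const REDIRECT_URI = "http://pigshell.com/oauth2-callback.html"; // hypothetical callback path

// Step 1: the browser is sent to the provider asking for a token directly.
function buildAuthUrl(state, scope) {
  const u = new URL(AUTH_ENDPOINT);
  u.search = new URLSearchParams({
    response_type: "token",
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    scope,
    state,
  }).toString();
  return u.toString();
}

// Step 2: the provider redirects back with the token in the URL fragment.
// Browsers do not send the fragment in the HTTP request, so whichever web
// server answers for the redirect host (pigshell.com, or 127.0.0.1 once
// /etc/hosts points there) only receives the path and query string.
function requestSeenByServer(redirectUrl) {
  const u = new URL(redirectUrl);
  return u.pathname + u.search;
}

// Step 3: script on the page reads the fragment, rejects a response whose
// state does not match the one it sent, and hands back the token to persist.
function parseRedirect(redirectUrl, expectedState) {
  const params = new URLSearchParams(new URL(redirectUrl).hash.replace(/^#/, ""));
  if (params.get("error")) throw new Error("authorization failed: " + params.get("error"));
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const token = params.get("access_token");
  if (!token) throw new Error("no access_token in fragment");
  return { token, expiresIn: Number(params.get("expires_in") || 0) };
}

// Constructed redirect, as the browser would receive it from the provider.
const sampleRedirect = REDIRECT_URI +
  "#access_token=CONSTRUCTED-TOKEN&token_type=bearer&expires_in=3600&state=s1";
console.log("server sees:", requestSeenByServer(sampleRedirect));
console.log("page script sees:", parseRedirect(sampleRedirect, "s1"));
```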