Open
Add Persistence for Personal Access Token (PAT) in Frontend
📝 Problem
Currently, when users enter their GitHub Personal Access Token (PAT) to access private repositories, the token is not persisted between browser sessions. Users have to re-enter their PAT every time they visit the site or refresh the page.
This creates friction for users who frequently work with private repositories and need to enter their token repeatedly.
🎯 Desired Outcome
Users should have the option to persist their PAT locally so they don't need to re-enter it on every visit, while maintaining appropriate security considerations.
🤔 Discussion Points
Some questions to consider when implementing this feature:
Storage Options:
- Should we use `localStorage`, `sessionStorage`, or something else?
- What are the security trade-offs of different approaches?
User Experience:
- Should persistence be opt-in or opt-out?
- How do we inform users about the security implications?
- Should there be an easy way to clear saved tokens?
Security Considerations:
- How do we balance convenience with security?
- Should we implement any form of token obfuscation?
- What warnings or disclaimers should we show users?
Implementation Scope:
- Should this be a simple browser storage solution?
- Are there other authentication patterns we should consider?
Feel free to comment with your thoughts on the best approach!
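One possible shape for the opt-in persistence raised under Storage Options and User Experience, as an added example that is not part of the original issue or the project's code. The names `KEY`, `MemoryStorage` and `createTokenStore` are hypothetical, and the token value is constructed.

```javascript
// Added example: opt-in PAT persistence over the Web Storage API.
// Both stores are readable by any script running on the page's origin,
// so neither protects the token from injected script; they differ only in lifetime.
const KEY = "github_pat"; // hypothetical storage key

// In-memory stand-in for window.sessionStorage / window.localStorage,
// so the example also runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(k) { return this.items.has(k) ? this.items.get(k) : null; }
  setItem(k, v) { this.items.set(k, String(v)); }
  removeItem(k) { this.items.delete(k); }
}

function createTokenStore(session, local) {
  // Remove the token from both stores (the "easy way to clear" control).
  function clear() {
    session.removeItem(KEY);
    local.removeItem(KEY);
  }
  // remember=false (default): sessionStorage, survives a refresh, gone when the tab closes.
  // remember=true (user opted in): localStorage, kept until clear() is called.
  function save(token, remember = false) {
    clear(); // never leave a stale copy in the other store
    (remember ? local : session).setItem(KEY, token);
  }
  function load() {
    return session.getItem(KEY) ?? local.getItem(KEY);
  }
  // Lets the UI show whether a token is being kept across visits.
  function isPersisted() {
    return local.getItem(KEY) !== null;
  }
  return { save, load, clear, isPersisted };
}

// Simulate a later visit: same localStorage, fresh sessionStorage.
function simulateNewVisit(local) {
  return createTokenStore(new MemoryStorage(), local);
}

// In a browser: createTokenStore(window.sessionStorage, window.localStorage)
```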