Persistent Authentication even when logged off?
I'm trying to write a web application that works like this:
- The user sends an email to the email address of my application
- My application posts the body of the email as a public gist of the user.
Now, I wonder how I should authenticate with Github. I don't want the user to have to give me his Github password so I'm thinking about using OAuth. But as I understand it, OAuth persistent authentication only works if the user is using a web browser and is currently logging into Github. However I want to be able to post the Gist anytime the user sends me an email. What should I do?
The API's documentation speaks of two different kinds of "OAuth" tokens.
- The first kind are the normal ones (client_secret, client_id) that you get for whatever application you're building.
- Then the are the kind that are given to you when you have the user sign in via GitHub. Part of that is the scope associated with the token. You can ask the user to give you access to their gists via the scopes and then, using that token, post the gist for them. You just need to make sure you're certain their email address is correct and associated with their account.