I checked the docs and didn't see any mention of security. Does the service get access to the token (middleman), or does everything happen within the user's browser? If saml.to gets access to the token, what measures are taken to keep it secure? Thanks.
Hi @moltar, great question, thank you! I'll get a doc together for you on docs.saml.to and we can go through it and answer any questions you have.

Long story short, yes, saml.to is assisted with a backend API.

With respect to the SAML Assertion flow (assuming a role), SAML.to Frontends or the CLI sends the GitHub user token to the SAML.to backend. The backend redacts tokens in logs and doesn't store them. Logs are encrypted. They're sent to https://api.github.com/user in exchange for "user identity" when we receive an authenticated and then never used again in the SAML exchange. The max scope we need for a GitHub user token is user:email (read only).

With respect to installation tokens for access to the saml-to.yml, that's a longer story, but we do exercise best practices handling that token (encryption, redaction, etc.) and it's a narrowly scoped token, which I will detail in the doc. I'll post a link to the doc in this thread with more granular specifics once it's live, so stay tuned!
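As an added illustration of the handling the reply describes (use the GitHub user token once against https://api.github.com/user, redact it from logs, keep nothing), the following is example code, not saml.to's own implementation. The GitHub token prefixes matched by the regex, the injectable `fetch` helper and the constructed `fake_fetch` stand-in are assumptions made for this example.

```python
import logging
import re
from typing import Callable

# Assumed token shape: GitHub-issued tokens carry a recognisable prefix
# (ghp_, gho_, ghu_, ghs_, ghr_). The second pattern also catches a raw
# Authorization header value regardless of prefix.
_TOKEN_RE = re.compile(r"\bgh[pousr]_[A-Za-z0-9]{16,}\b")
_AUTH_HDR_RE = re.compile(r"(?i)(authorization:\s*(?:bearer|token)\s+)\S+")


def redact(text: str) -> str:
    """Replace any GitHub token or bearer credential in text with a marker."""
    text = _TOKEN_RE.sub("[REDACTED]", text)
    return _AUTH_HDR_RE.sub(r"\1[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub tokens from the message and its args before the record is emitted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg))
        if isinstance(record.args, tuple):
            record.args = tuple(redact(str(a)) for a in record.args)
        return True


def resolve_identity(token: str, fetch: Callable[[str, dict], dict]) -> dict:
    """Exchange a user token for identity at the /user endpoint, then drop it.

    `fetch(url, headers)` is a hypothetical HTTP helper injected by the caller
    so this example runs offline. The token is used exactly once and is not
    stored on the returned identity.
    """
    log = logging.getLogger("backend")
    log.addFilter(RedactingFilter())
    log.info("exchanging token %s for identity", token)  # logged as [REDACTED]
    profile = fetch("https://api.github.com/user", {"Authorization": f"token {token}"})
    del token  # nothing after this point can reference the credential
    return {"login": profile["login"], "id": profile["id"]}


# Constructed stand-in for the GitHub API call; a real backend would use HTTPS.
def fake_fetch(url: str, headers: dict) -> dict:
    assert url == "https://api.github.com/user"
    assert headers["Authorization"].startswith("token gh")
    return {"login": "octocat", "id": 1, "email": "octocat@example.com"}
```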