We’d like to request to auto-connect the password-manager-service interface for protogrid.
As our users can choose to remember their credentials we are using node-keytar to store the password. Targeting a wide audience, users should not have to use the command line to get protogrid to run.
Is that actually the case, though? Does protogrid not run if it can’t remember credentials? Or can it simply not actually remember credentials without having the user grant access?
As a general rule I’m -1 against autoconnecting anything to the password manager service. That allows the snap to automatically snoop other passwords, and allows others to snoop the snap’s passwords. I think the user should need to explicitly opt in to this risk.
Thank you very much for your response!
We considered your point and concluded to implement a dialog in our app where users can decide if they want to grant permission.
I think that’s a great idea!
