Installation and Authentication

Exploring Installation and Authentication Choices for SourceTraq

Overview

Discover the various installation options for SourceTraq—Browser Extension, Cloud App, and Web version. Each option offers unique advantages along with tailored authentication methods to fit your needs. Choose from simple one-click integration using your browser session or traditional username and password/API key authentication. Whichever method you prefer—be it the seamless integration of the Extension, the convenience of the Cloud App, or the flexibility of the Web version—SourceTraq is designed to enhance your repository analytics experience.

Types of Authentication

SourceTraq provides a variety of authentication options to accommodate varying security needs and user preferences. Each method comes with its own set of benefits and drawbacks:

1. One-Click Integration via Browser Session

One-Click Integration is a highly secure authentication method, as it leverages the browser's authenticated session. This approach ensures that only authorized users can access SourceTraq efficiently.

Advantages:

  • Utilizes the browser's existing authenticated session, ensuring secure access.
  • Users do not need to enter credentials, simplifying the authentication steps.
  • Allows quick and seamless access to SourceTraq without needing to keep the repository host tab open.

Limitations:

  • Requires users to be logged in to their repository host each time they use SourceTraq.
  • This method is available only for Bitbucket Data Center; other repositories will use public access instead.

2. Basic Authentication using Username and Password / API Key

Basic authentication serves as a fallback for scenarios where more secure methods are not practical. However, caution should be taken due to potential security vulnerabilities.

Advantages:

  • Enables users to authenticate with either their login credentials or an API key.
  • Useful when alternative methods are impractical or not preferred.
  • Compatible with all repository types, providing versatile options.

Limitations:

  • This method is considered less secure as it involves storing credentials (even if encoded) in the browser cache.
  • Recommended primarily when other authentication methods are unavailable or unsuitable.

3. OAuth Authentication

OAuth authentication provides an added layer of security, allowing users to grant access without sharing their credentials. This method enhances user control by requiring one-time consent during the initial setup and subsequently manages authentication through secure tokens.

Advantages:

  • Enhances security through a one-time consent process, limiting exposure of user credentials.
  • Tokens are handled via secure APIs, eliminating the need to store sensitive information locally.

Limitations:

  • Currently not implemented for SourceTraq but will be supported in a forthcoming update.
  • Auth tokens will be stored temporarily in the browser cache for continued use.
  • Requires a cloud-based repository for functionality; other repository types may need custom solutions.

Exploring Installation Options

1. Browser Extension

The Browser Extension installation provides a straightforward way to integrate SourceTraq with popular browsers, allowing users to access its functionalities with various authentication methods. Everyone will need to install the extension on their own to use it.

Advantages:

  • Accessible on major browsers such as Chrome, Edge, Opera, and Firefox.
  • Supports all authentication methods, providing versatility for users.
  • Includes a unique quick access feature for smoother navigation.
  • Centralizes settings to enhance user experience and management.

Limitations:

  • May lack official support on some lesser-known Chromium-based browsers.
  • Installation is required for each individual user.
  • Not suitable in environments that restrict users from installing extensions.

2. Cloud App

The Cloud App installation offers a streamlined integration process, providing secure storage for authentication-related information. This option eliminates the need for individual installations and makes SourceTraq readily available for all users within the instance.

Advantages:

  • Integrated within the cloud environment, removing the necessity for browser extensions.
  • Enhances security through user consent when accessing repository data.
  • Accessible to all users once installed, negating the need for individual setups.

Limitations:

  • Settings and pending data are stored in the browser cache and require the same browser for access.
  • Only applicable for cloud instances; not compatible with datacenter variants.

3. Web Version

The Web Version provides flexibility for custom hosting and ensures regular updates. It features a browser-based interface that allows users to access SourceTraq's functionalities without the need for individual installations.

Advantages:

  • Hosted as a static web application, available via any browser.
  • Allows for custom hosting if the public version is not preferable.
  • Receives regular updates for bug fixes and feature enhancements.
  • Accessible to all users without requiring individual installations.
  • Can function independently or connect with the extension to share data settings and preferences.

Limitations:

  • Requires constant internet access for utilization, unlike other options that may function offline.

4. Self-Hosted Containerized Version

The Self-Hosted Containerized Version of SourceTraq offers organizations full control over deployment and usage within their network. This option is ideal for teams that require:

  • Centralized access for all users in the organization without need for individual installations.
  • Automated generation of repository analytics documents on scheduled intervals.
  • Custom configuration of integrations, authentication, and output storage.
  • Deployment flexibility on internal infrastructure supporting Docker containers.

Advantages:

  • Full control over the environment, data storage, and schedule configuration.
  • Ensures all users have consistent access to the latest analytics and reports.
  • Can be integrated with internal or private repositories without exposing data externally.
  • Runs in a lightweight Docker container for easy maintenance and upgrades.

Limitations:

  • Requires internal infrastructure to host and manage the containerized service.
  • Updates must be performed manually by pulling new container versions regularly.
  • Initial configuration and setup are more involved compared to browser extensions and cloud apps.

Organizations choosing this self-hosted solution will benefit from enhanced control and centralized management, but should have the necessary resources to maintain the deployment effectively.