This project uses user-mediated Oauth for all integration authorizations. This is great security practice most of the time. However, the Airtable Oauth requires a user to grant permission to specific bases. This requires them to know which base they are trying to access. Not a grat system!
Alternatively, we could use a Personal Access Token (PAT). This has some drawbacks -- if security is compromised, anyone could destroy the whole airbase; also, all changes to the base will appear to come from the app creator, rather than from the individual user.
What is the best practice in this situation?
This project uses user-mediated Oauth for all integration authorizations. This is great security practice most of the time. However, the Airtable Oauth requires a user to grant permission to specific bases. This requires them to know which base they are trying to access. Not a grat system!
Alternatively, we could use a Personal Access Token (PAT). This has some drawbacks -- if security is compromised, anyone could destroy the whole airbase; also, all changes to the base will appear to come from the app creator, rather than from the individual user.
What is the best practice in this situation?