Authorizing Access to Your Source Code

Most developers use a tool to manage the archiving and versioning of their source code. Such systems are referred to as Version Control Systems (VCS).

Thankfully, the industry has standardized over the years to models based upon Git. “Git was originally authored by Linus Torvalds in 2005 for development of the Linux kernel.” Since then, systems based upon Git have become prominent in the industry. These include GitHub, GitLab and Bitbucket. iCR for Go is designed to work with all three of these industry leading Version-Control Systems (VCS), and before iCR can analyze your source code, it needs to be authorized to access your VCS repositories.

GitHub, GitLab are offered with 2 distinct deployment models. There is the cloud version in which a developer’s source code is stored in the cloud using servers provided by the VCS itself. iCR also supports Bitbucket in this cloud deployment model. A developer logs into the cloud service and then gains access to their personal projects.

A similar service is available for private deployments for GitHub and GitLab. In these cases, an “enterprise” version of GitHub or GitLab is acquired by the developer and installed within their development network. In these cases, a developer still must authenticate with the VCS in order to gain access to their source code.

One of the key features of iCR is that using it does not require you to expose your source code outside of your own development team. So how does iCR gain access to your source code?

You need to authorize iCR for Go to access your projects. In order to do this securely, and to ensure that OpenRefactory NEVER has access to your Users’ login credentials, we employ the industry standard protocol: OAuth.

From Wikipedia: “OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.”

OAuth is used for both cloud-based and privately deployed instances of GitHub, GitLab and Bitbucket. The setup is slightly different for each, so they will be explained individually in the following pages.