Firstly, thank you for all your work!
I have a slightly obscure question for you.
There doesn’t seem to be a generally accepted way to test R packages which depend on OAuth2.0 in an open, collaborative manner. This is an important problem for developing R API packages, and you lot seem keen on that!
My own interest is the boxr package.
The general problem seems to be that while the client id and secret are stable over sessions, the actual auth/refresh tokens (can) change after every session. This means that they aren’t amenable to being stored as encrypted Travis vars.
There seem to be at least two solutions:
Using ‘secure packages’ - Each package on GitHub would have a ‘shadow package’ to store it’s tokens, and each CI operation on the ‘main’ repo would clone, and then commit & push back to the ‘shadow repo’ using git/gitr. This seems messy and error prone.
Using a light REST API which simply accepts and returns strings, representing salted and hashed tokens. httr/RCurl would already be a dependency.
The first is a lot of computational ‘work’ for something as simple as storing a string remotely, would add dependencies and time to CI builds.
I’ve been thinking about writing a small solution for the second option, using Node.js.
It would be very simple; a repo would have some sort of credential (which could be an encrypted Travis var). The remote REST service would simply allow requests with that credential to read/write-to a remote json string, containing one or more tokens. These could be salted and hashed (another encrypted Travis var), so that access to the server itself would not grant access to a repo’s tokens.
However, hardware to host the service is an issue.
I have no server of my own, I’m wary of others’ work depending on me paying AWS bills for a lolz side project, and users would be right to feel uneasy sharing (encrypted) tokens with some guy from the Internet.
The Question: Would rOpenSci potentially have any interest in hosting such a service, if (!) I managed to write something open source and fit-for-purpose?
(A commercial data scientist, San Francisco)