starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🚀 Feature: Mark certain apps so they do not appear in "my apps" for any user #77

New Issue
Open
opened 2025-10-07 00:00:53 +03:00 by OVERLORD · 3 comments
OVERLORD commented 2025-10-07 00:00:53 +03:00
Owner
Copy Link

Originally created by @nathanapples on GitHub.

Feature description

checkbox on the page for adding an oidc client for making the app appear or not appear on the "my apps page"

Pitch

Some oidc clients are not strictly speaking apps that you would have any desire to "go to" or display in that list. For example I have cloudflare as an oidc client so that I can use cloudflare access rules for certain sites. Cloudflare access itself is not an "app", you cannot go to it in the way you can other apps, and I would like to not confuse users who have the ability to authenticate with cloudflare that there is an app named cloudflare.

Originally created by @nathanapples on GitHub. ### Feature description checkbox on the page for adding an oidc client for making the app appear or not appear on the "my apps page" ### Pitch Some oidc clients are not strictly speaking apps that you would have any desire to "go to" or display in that list. For example I have cloudflare as an oidc client so that I can use cloudflare access rules for certain sites. Cloudflare access itself is not an "app", you cannot go to it in the way you can other apps, and I would like to not confuse users who have the ability to authenticate with cloudflare that there is an app named cloudflare.
OVERLORD added the needs more upvotes label 2025-10-07 00:00:53 +03:00
OVERLORD commented 2025-10-07 00:00:54 +03:00
Author
Owner
Copy Link

@nathanapples commented on GitHub:

Apps only show up if you've authenticated and you are using this page as a way to manage which apps you would like to still have access to your credentials?

If so, I guess that makes sense to not take away a user's ability to manage access to some extent. I mean ultimately this is in my homelab where I have friends and family who are using pocket to access certain apps. I am kind of using this page as a launch spot for applications. I think the cloudflare auth being in their "apps" list is more confusing than helpful in my use case but I totally get where you are coming from because I am probably in the minority.

Proposed compromises:

1 - What about at least being able to add a description to each app so users can be explained what the auth is for and why there might be a greyed link or whatever?

Image

2 - Another suggestion is to have it broken into sections where you can customize what the title of the section is like "my apps" could be one section and "authentication service" or something could be another category.

Image

Another idea now that I understand the function of the "my apps" page better:

1 - I would like to be able to "turn on" apps in this "my apps" section that you have not authenticated with yet as a way to get to apps in my community of apps that you are allowed to authenticate with. This could be in another section called "not yet authenticated" or have some kind of indication that you are not yet using it. Also whether the app displays could be based on whether the user is in an "allowed group" for the user. Let me know if I should create a separate feature suggestion for this.

@nathanapples commented on GitHub: Apps only show up if you've authenticated and you are using this page as a way to manage which apps you would like to still have access to your credentials? If so, I guess that makes sense to not take away a user's ability to manage access to some extent. I mean ultimately this is in my homelab where I have friends and family who are using pocket to access certain apps. I am kind of using this page as a launch spot for applications. I think the cloudflare auth being in their "apps" list is more confusing than helpful in my use case but I totally get where you are coming from because I am probably in the minority. Proposed compromises: 1 - What about at least being able to add a description to each app so users can be explained what the auth is for and why there might be a greyed link or whatever? <img width="1989" height="579" alt="Image" src="https://github.com/user-attachments/assets/fbb1685e-9d96-48fe-9790-90e54c6b5d0c" /> 2 - Another suggestion is to have it broken into sections where you can customize what the title of the section is like "my apps" could be one section and "authentication service" or something could be another category. <img width="1972" height="1141" alt="Image" src="https://github.com/user-attachments/assets/d1a3b4f5-cd9e-4317-9d2e-5e607a83954e" /> Another idea now that I understand the function of the "my apps" page better: 1 - I would like to be able to "turn on" apps in this "my apps" section that you have not authenticated with yet as a way to get to apps in my community of apps that you are allowed to authenticate with. This could be in another section called "not yet authenticated" or have some kind of indication that you are not yet using it. Also whether the app displays could be based on whether the user is in an "allowed group" for the user. Let me know if I should create a separate feature suggestion for this.
OVERLORD commented 2025-10-07 00:00:54 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

I suppose we could, just not show the app uf the launch url is blank? Would that be a suitable solution? @stonith404 whats your thoughts on that?

@kmendell commented on GitHub: I suppose we could, just not show the app uf the launch url is blank? Would that be a suitable solution? @stonith404 whats your thoughts on that?
OVERLORD commented 2025-10-07 00:00:55 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

I think this is a valid idea, but there’s a problem: the page is also used to revoke authorized clients. If we only showed clients with a launch URL, users wouldn’t be able to revoke access for clients that don’t have one.

@nathanapples Since users should be able to see all authorized clients and revoke access if needed, I think it still makes sense to display the client regardless. In that case I would just leave the launch URL empty. What do you think?

@stonith404 commented on GitHub: I think this is a valid idea, but there’s a problem: the page is also used to revoke authorized clients. If we only showed clients with a launch URL, users wouldn’t be able to revoke access for clients that don’t have one. @nathanapples Since users should be able to see all authorized clients and revoke access if needed, I think it still makes sense to display the client regardless. In that case I would just leave the launch URL empty. What do you think?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label needs more upvotes
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#77
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?