In software development, you may need to use various third-party tools (such as IDE plugins, CI tools, project management software, etc.) for collaboration. OAuth authorization provides a secure mechanism that allows you to connect your CNB account with these third-party applications without sharing your login credentials with them.

Benefits of OAuth Authorization

• Secure Connection: Third-party applications only receive temporary access tokens and cannot access your account.
• Controlled Permissions: You clearly understand the scope of permissions granted to third-party applications (e.g., they can "Read Repository" but cannot "Delete Repository").
• Revocable at Any Time: If you no longer trust or need an application, you can revoke authorization at any time.

Steps

1. Initiate Authorization Link

Typically, the operation starts within the third-party application.

• In the third-party application (e.g., Codebuddy IDE), find the "Connect CNB" or "Sign in with CNB" button.
• After clicking, your browser will automatically redirect to the CNB authorization or login page.

2. Confirm Authorization

If you are not logged in to CNB, the system will ask you to log in first. After logging in, you will see the "Authorization Request Page" as shown below:

The page will clearly tell you:

• Which application is requesting permissions.
• The specific repositories and list of permissions requested.
• The CNB account you are currently authorizing.

Please check the application name and requested permissions carefully. If everything is correct, click the [Authorize] button.

3. Connection Successful

After clicking authorize, the page will automatically redirect back to the third-party application. At this point, the third-party application has obtained permission to access your specified resources. You can operate your CNB resources (such as pulling code, viewing tasks, etc.) directly within that app without logging in again.

FAQ

1. Is my information secure?

Very secure.

• Credential Isolation: The core design intent of OAuth is to protect account security. Third-party applications will never receive your CNB login credentials.
• Temporary Tokens: We issue encrypted "access tokens" to third-party applications. These tokens have an expiration time and are valid only for that specific application.
• Security Monitoring: The CNB Security Center audits the usage of these tokens and will intercept immediately if anomalies are detected.

2. What permissions are authorized?

Before clicking "Authorize", you can view the detailed list of permissions on the authorization page. Permissions are usually divided into the following categories:

• Basic Info: Such as reading your avatar and nickname (usually used to display the current logged-in user).
• Read-Only: The app can only view your code or tasks but cannot modify them.
• Read/Write: The app can modify code, create tasks, or trigger builds.

3. How to revoke OAuth authorization?

You can revoke authorization at any time, and the action takes effect immediately:

1. Log in to CNB, click your avatar in the top right corner, and select [Settings].
2. Find [Authorized Applications] (or Authorization Management) on the left side.
3. Find the application you want to revoke in the application list. Click [Details], and then click the [Revoke All Access] button on the right side of the details page.

Once revoked, the application will no longer be able to access any of your data until you authorize it again.