New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Invalid Github Auth scope #11788
Comments
Considering that we are planning not to get email-id from GitHub soon, and just have a profile link up and sync, should we just limit this to public data scope? Yes, that said the invalid scope needs to be rectified, still. |
@raisedadead I agree. We can remove this scope, as and we will no longer need email addresses through GitHub anyway. @BerkeleyTrue if we update this scope, is there any risk of losing email addresses for campers in our database? |
@QuincyLarson no loopback will not automatically remove emails. The emails we already have will not be removed. This scope can safely be removed. |
@BerkeleyTrue OK - great. Thank you for confirming this. @abhisekp since you discovered this issue, would you like to be the contributor to create the pull request? |
I am sure he meant you @abhisekp ! 😅 |
@raisedadead yes, thanks for correcting me. I meant @abhisekp. I failed to scroll all the way up to the top of the issue 🙂 |
The github auth url is
https://github.com/login?client_id=2b2a9dcc53df88ddf452&return_to=/login/oauth/authorize?client_id=2b2a9dcc53df88ddf452&redirect_uri=http://www.freecodecamp.com/auth/github/callback&response_type=code&
scope=email
Here,
scope=email
parameter is not a valid scope according to https://developer.github.com/v3/oauth/#scopesIf it is meant to retrieve only the public data of a user,
scope
is not required to be given.Or if it is meant to retrieve both public data and private email id, then
scope
should be set touser:email
.Currently, using an invalid
scope
, only public data is retrieved but not the private email id (if this was not intentional).https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L147
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L161
This was added in commit 2256f3e
The text was updated successfully, but these errors were encountered: