Invalid Github Auth scope

[abhisekp]

The github auth url is https://github.com/login?client_id=2b2a9dcc53df88ddf452&return_to=/login/oauth/authorize?client_id=2b2a9dcc53df88ddf452&redirect_uri=http://www.freecodecamp.com/auth/github/callback&response_type=code&scope=email

Here, scope=email parameter is not a valid scope according to https://developer.github.com/v3/oauth/#scopes

If it is meant to retrieve only the public data of a user, scope is not required to be given.
Or if it is meant to retrieve both public data and private email id, then scope should be set to user:email.

Currently, using an invalid scope, only public data is retrieved but not the private email id (if this was not intentional).
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L147
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L161

This was added in commit 2256f3e

[raisedadead]

Considering that we are planning not to get email-id from GitHub soon, and just have a profile link up and sync, should we just limit this to public data scope?

Yes, that said the invalid scope needs to be rectified, still.

/cc @QuincyLarson, @BerkeleyTrue

[QuincyLarson]

@raisedadead I agree. We can remove this scope, as and we will no longer need email addresses through GitHub anyway.

@BerkeleyTrue if we update this scope, is there any risk of losing email addresses for campers in our database?

[BerkeleyTrue]

@QuincyLarson no loopback will not automatically remove emails. The emails we already have will not be removed.

This scope can safely be removed.

[QuincyLarson]

@BerkeleyTrue OK - great. Thank you for confirming this. @abhisekp since you discovered this issue, would you like to be the contributor to create the pull request?

[raisedadead]

I am sure he meant you @abhisekp ! 😅

[QuincyLarson]

@raisedadead yes, thanks for correcting me. I meant @abhisekp. I failed to scroll all the way up to the top of the issue 🙂