ueberauth / ueberauth_github

GitHub OAuth2 Strategy for Überauth

Minimum scope to only request a username (nickname)

aiwaiwa opened this issue · comments

Problem Statement

Hello! Thank you for the great library!
I'm trying to achieve an authentication of github users without fishing for their emails.

I've gone through all kinds of scopes, and found this note in the README:

For a read-only scope, either use "user:email" or an empty scope "". See more at [GitHub's OAuth Documentation](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps/).

So I went ahead and tried the "" scope, which is supposedly giving me what I'm aiming for:

config :ueberauth, Ueberauth,
  providers: [
    github:
      {Ueberauth.Strategy.Github,
       [
         # default_scope: "user:email",
         # default_scope: "user,public_repo",
         default_scope: "",
         callback_path: "/auth/github/callback"
       ]}
  ]

But during authentication, the following "Unable to access the user's email address" error is unfortunately raised:

iex> [error] #PID<0.918.0> running Phoenix.Endpoint.SyncCodeReloadPlug (connection #PID<0.856.0>, stream id 4) terminated
Server: 127.0.0.1:4000 (http)
Request: GET /auth/github/callback?code=_____REPLACED____&state=_____REPLACED____
** (exit) an exception was raised:
    ** (RuntimeError) Unable to access the user's email address
        (ueberauth_github 0.8.2) lib/ueberauth/strategy/github.ex:226: Ueberauth.Strategy.Github.fetch_email!/2
        (ueberauth_github 0.8.2) lib/ueberauth/strategy/github.ex:178: Ueberauth.Strategy.Github.info/1
        (ueberauth 0.10.5) lib/ueberauth/strategy.ex:349: Ueberauth.Strategy.auth/2
        (phoenix 1.7.2) lib/phoenix/router.ex:421: Phoenix.Router.__call__/5

Is there anything else I need to do? Is it feasible?

Solution Brainstorm

No response

It was intentional to expect the email:

# lib/ueberauth/strategy/github.ex: every fallback must yield an address, otherwise it raises
defp fetch_email!(user, allow_private_emails) do
  user["email"] ||
    get_primary_email!(user) ||
    get_private_email!(user, allow_private_emails) ||
    raise "Unable to access the user's email address"
end

So the code needs to be updated.

It's still unclear why it was done that way, but it's prudent to try to figure out the why behind it. Ideally, the email is not required in the Ueberauth layer itself, and it is OK to accept nil.

PR welcome 🙏🏻
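The following is an added illustration, not code from ueberauth_github: it models the lookup chain quoted above on constructed in-memory data (the /user payload map and the list that /user/emails would return when the scope allows it) and puts the raising variant next to a nil-tolerant one, so the difference between "email required by the strategy" and "email required by the application" is visible. The module name, the helper names and the assumed shape of the email entries are mine.

```elixir
# Added example, not ueberauth_github's own code. No HTTP is performed; the
# user map and email list are constructed to mimic what GitHub returns.
defmodule EmailLookupExample do
  # Strict variant: mirrors the behaviour discussed in the thread and raises
  # when no address can be found through any of the fallbacks.
  def fetch_email!(user, emails, allow_private) do
    fetch_email(user, emails, allow_private) ||
      raise "Unable to access the user's email address"
  end

  # Lenient variant: returns nil and leaves the "is an email required?" decision
  # to the application that consumes the auth struct.
  def fetch_email(user, emails, allow_private) do
    user["email"] || primary_email(emails) || private_email(emails, allow_private)
  end

  # Primary, verified address from the /user/emails list
  # (assumed entry shape: %{"email" => _, "primary" => _, "verified" => _}).
  defp primary_email(emails) do
    Enum.find_value(emails, fn
      %{"primary" => true, "verified" => true, "email" => e} -> e
      _ -> nil
    end)
  end

  # Any verified address, only when the app explicitly opted into private emails.
  defp private_email(_emails, false), do: nil

  defp private_email(emails, true) do
    Enum.find_value(emails, fn
      %{"verified" => true, "email" => e} -> e
      _ -> nil
    end)
  end
end

# Constructed sample 1: default_scope "" -> the /user payload has no public email
# and /user/emails is not readable, so the list is empty.
user_without_scope = %{"login" => "octocat", "email" => nil}

IO.inspect(EmailLookupExample.fetch_email(user_without_scope, [], false),
  label: "lenient, empty scope"
)

try do
  EmailLookupExample.fetch_email!(user_without_scope, [], false)
rescue
  e in RuntimeError -> IO.puts("strict, empty scope: " <> e.message)
end

# Constructed sample 2: user:email scope -> /user/emails is readable and
# contains a primary verified address, so both variants return it.
emails_with_scope = [
  %{"email" => "secondary@example.invalid", "primary" => false, "verified" => true},
  %{"email" => "primary@example.invalid", "primary" => true, "verified" => true}
]

IO.inspect(EmailLookupExample.fetch_email!(user_without_scope, emails_with_scope, false),
  label: "strict, user:email scope"
)
```

The point of the lenient variant is not that email is unimportant; it is that the strategy cannot know whether a given application needs it. A login flow that only wants the nickname can keep the empty scope and accept nil, while an application that does need a verified address checks for nil itself (or keeps requesting "user:email") and fails the login in its own code rather than with an unhandled exception in the callback.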

Thank you for your trust :D Nothing really crazy there, I just gave it a shot with nil for the email field and the whole workflow seems to simply digest it. Not saying that there might not be any hidden aftereffects!