Freecodecamp: Invalid Github Auth scope

Created on 24 Nov 2016  ·  6 Comments  ·  Source: freeCodeCamp/freeCodeCamp

The GitHub auth URL is https://github.com/login?client_id=2b2a9dcc53df88ddf452&return_to=/login/oauth/authorize?client_id=2b2a9dcc53df88ddf452&redirect_uri=http://www.freecodecamp.com/auth/github/callback&response_type=code&scope=email

Here, the scope=email parameter is not a valid scope according to https://developer.github.com/v3/oauth/#scopes

If it is meant to retrieve only the public data of a user, scope is not required to be given.
Or if it is meant to retrieve both public data and private email id, then scope should be set to user:email.

Currently, using an invalid scope, only public data is retrieved but not the private email id (if this was not intentional).
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L147
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L161

This was added in commit https://github.com/FreeCodeCamp/FreeCodeCamp/commit/2256f3ef6e2cfec7dd82b975ca5795ba792d2401

help wanted
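
A scope audit for the URL reported in the issue above, as an added example that is not part of the original issue or of freeCodeCamp's code. `KNOWN_SCOPES` is a partial list assembled for this example, and `extractScopes` and `auditScopes` are hypothetical helper names.

```javascript
// Added example (not freeCodeCamp's code): audit scopes in a GitHub OAuth URL.
// KNOWN_SCOPES is a partial list assembled for this example; extend it from
// GitHub's scopes documentation before using the check for real.
const KNOWN_SCOPES = new Set([
  'user', 'read:user', 'user:email', 'user:follow',
  'repo', 'repo:status', 'public_repo', 'gist', 'notifications',
  'read:org', 'write:org', 'admin:org',
]);

// URL quoted in the issue above.
const ISSUE_URL = 'https://github.com/login?client_id=2b2a9dcc53df88ddf452' +
  '&return_to=/login/oauth/authorize?client_id=2b2a9dcc53df88ddf452' +
  '&redirect_uri=http://www.freecodecamp.com/auth/github/callback' +
  '&response_type=code&scope=email';

// Collect every scope value, including any carried inside return_to
// (the login redirect wraps the real authorize request).
function extractScopes(rawUrl) {
  const url = new URL(rawUrl, 'https://github.com');
  const found = [];
  for (const [key, value] of url.searchParams) {
    if (key === 'scope') {
      // Split on spaces and commas so either separator is handled.
      found.push(...value.split(/[\s,]+/).filter(Boolean));
    } else if (key === 'return_to') {
      found.push(...extractScopes(value));
    }
  }
  return [...new Set(found)];
}

// Flag scopes that are not in the list and suggest namespaced matches,
// e.g. "email" -> "user:email".
function auditScopes(rawUrl) {
  const requested = extractScopes(rawUrl);
  const unknown = requested.filter((s) => !KNOWN_SCOPES.has(s));
  const suggestions = {};
  for (const s of unknown) {
    suggestions[s] = [...KNOWN_SCOPES].filter((k) => k.endsWith(':' + s));
  }
  return { requested, unknown, suggestions, ok: unknown.length === 0 };
}

console.log(auditScopes(ISSUE_URL));
```

Run as a pre-merge check against the authorize URL the auth configuration produces, this catches an unrecognized scope before it reaches production, where the issue reports that only public data comes back.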

All 6 comments

Considering that we are planning not to get email-id from GitHub soon, and just have a profile link up and sync, should we just limit this to public data scope?

Yes, that said the invalid scope needs to be rectified, still.

/cc @QuincyLarson, @BerkeleyTrue

@raisedadead I agree. We can remove this scope, as we will no longer need email addresses through GitHub anyway.

@BerkeleyTrue if we update this scope, is there any risk of losing email addresses for campers in our database?

@QuincyLarson no, loopback will not automatically remove emails. The emails we already have will not be removed.

This scope can safely be removed.

@BerkeleyTrue OK - great. Thank you for confirming this. @abhisekp since you discovered this issue, would you like to be the contributor to create the pull request?

I am sure he meant you @abhisekp ! :sweat_smile:

@raisedadead yes, thanks for correcting me. I meant @abhisekp. I failed to scroll all the way up to the top of the issue 🙂
