The github auth url is https://github.com/login?client_id=2b2a9dcc53df88ddf452&return_to=/login/oauth/authorize?client_id=2b2a9dcc53df88ddf452&redirect_uri=http://www.freecodecamp.com/auth/github/callback&response_type=code&scope=email
Here, `scope=email` parameter is not a valid scope according to https://developer.github.com/v3/oauth/#scopes
If it is meant to retrieve only the public data of a user, `scope` is not required to be given.
Or if it is meant to retrieve both public data and private email id, then `scope` should be set to `user:email`.
Currently, using an invalid `scope`, only public data is retrieved but not the private email id (if this was not intentional).
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L147
https://github.com/FreeCodeCamp/FreeCodeCamp/blob/staging/server/passport-providers.js#L161
This was added in commit https://github.com/FreeCodeCamp/FreeCodeCamp/commit/2256f3ef6e2cfec7dd82b975ca5795ba792d2401
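Added example, not part of the original issue or of FreeCodeCamp's code: a small Node.js check that extracts the `scope` parameter from a GitHub login/authorize URL (including one nested in `return_to`) and flags names that are not documented scopes, as with `email` above. The scope set is a partial list assumed from GitHub's scope documentation; the function names and the `CLIENT_ID` placeholder are hypothetical.

```javascript
// Assumption: a subset of the scope names in GitHub's OAuth documentation.
// Extend it from the documentation page linked in the issue before relying on it.
const KNOWN_GITHUB_SCOPES = new Set([
  'user', 'user:email', 'user:follow', 'public_repo', 'repo', 'repo:status',
  'gist', 'notifications', 'read:org', 'write:org', 'admin:org', 'delete_repo',
]);

// Scopes may be separated by spaces or commas; drop empty fragments.
function parseScopes(raw) {
  return raw ? raw.split(/[\s,]+/).filter(Boolean) : [];
}

// The scope may sit at the top level (unencoded return_to, as in the issue)
// or inside a percent-encoded return_to value.
function findScopeParam(url) {
  if (url.searchParams.has('scope')) return url.searchParams.get('scope');
  const returnTo = url.searchParams.get('return_to');
  if (returnTo) return new URL(returnTo, url.origin).searchParams.get('scope');
  return null;
}

function auditAuthorizeUrl(urlString) {
  const requested = parseScopes(findScopeParam(new URL(urlString)));
  const valid = requested.filter((s) => KNOWN_GITHUB_SCOPES.has(s));
  const unknown = requested.filter((s) => !KNOWN_GITHUB_SCOPES.has(s));
  return {
    requested,
    valid,
    unknown,
    // Private email addresses need user:email, or user, which includes it.
    grantsPrivateEmail: valid.includes('user:email') || valid.includes('user'),
  };
}

// Constructed sample in the shape of the URL quoted in the issue.
const SAMPLE_URL =
  'https://github.com/login?client_id=CLIENT_ID' +
  '&return_to=/login/oauth/authorize?client_id=CLIENT_ID' +
  '&redirect_uri=http://www.freecodecamp.com/auth/github/callback' +
  '&response_type=code&scope=email';

const report = auditAuthorizeUrl(SAMPLE_URL);
if (report.unknown.length > 0) {
  console.log('Unrecognised scope(s):', report.unknown.join(', '));
}
console.log('Private email access requested:', report.grantsPrivateEmail);
```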
Considering that we are planning not to get email-id from GitHub soon, and just have a profile link up and sync, should we just limit this to public data scope?
Yes, that said the invalid scope needs to be rectified, still.
/cc @QuincyLarson, @BerkeleyTrue
@raisedadead I agree. We can remove this scope, as we will no longer need email addresses through GitHub anyway.
@BerkeleyTrue if we update this scope, is there any risk of losing email addresses for campers in our database?
@QuincyLarson no, loopback will not automatically remove emails. The emails we already have will not be removed.
This scope can safely be removed.
@BerkeleyTrue OK - great. Thank you for confirming this. @abhisekp since you discovered this issue, would you like to be the contributor to create the pull request?
I am sure he meant you @abhisekp ! :sweat_smile:
@raisedadead yes, thanks for correcting me. I meant @abhisekp. I failed to scroll all the way up to the top of the issue 🙂