Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation/github-connector: warn user that GitHub email id should be public. #972

Merged
merged 1 commit into from
Jun 20, 2017
Merged

Documentation/github-connector: warn user that GitHub email id should be public. #972

merged 1 commit into from
Jun 20, 2017

Conversation

rithujohn191
Copy link
Contributor

Looks like a lot of users are trying the GitHub connector with private email ids.

@rithujohn191 rithujohn191 requested a review from ericchiang June 19, 2017 22:56
@rithujohn191 rithujohn191 mentioned this pull request Jun 19, 2017
Closed
ericchiang
ericchiang reviewed Jun 19, 2017
View reviewed changes
Documentation/github-connector.md Outdated
@@ -8,7 +8,7 @@ When a client redeems a refresh token through dex, dex will re-query GitHub to u

## Configuration

Register a new application with [GitHub][github-oauth2] ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`.
Register a new application with [GitHub][github-oauth2] ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`. Please note that a user needs to mark their email id as public in GitHub, so that the ID token that gets returned for this user contains an email id field in the ID token claims.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's kinda sounds like you're saying that ID tokens are returned by GitHub.

Also might be worth marking this as a known caveat. e.g. https://github.com/coreos/dex/blob/master/Documentation/oidc-connector.md#caveats or https://github.com/coreos/dex/blob/master/Documentation/saml-connector.md#caveats

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should I just leave at "users should have their email ids as public"?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep will create a new caveat section for it. Maybe also add our GitHub orgs problem there.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think detail the fact that GitHub's API won't return an email if the end user's email isn't public. However you want to word that, but the current sentence isn't super clear.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@rithujohn191
Copy link
Contributor Author

Made changes according to the feedback.

ericchiang
ericchiang approved these changes Jun 20, 2017
View reviewed changes
Copy link
Contributor

@ericchiang ericchiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@rithujohn191 rithujohn191 merged commit 3493e30 into dexidp:master Jun 20, 2017
@rithujohn191 rithujohn191 deleted the github-doc branch June 20, 2017 20:50
@simonbyrne
Copy link

Note that you should be able to get non-public emails with user:email scope, but you need to explicitly query api.github.com/user/emails

e.g. see thephpleague/oauth2-client#9 (comment)

@ericchiang ericchiang mentioned this pull request Aug 7, 2017
Closed
mmrath pushed a commit to mmrath/dex that referenced this pull request Sep 2, 2019
@rithujohn191
Merge pull request dexidp#972 from rithujohn191/github-doc
2f1ae05 
Documentation/github-connector: warn user that GitHub email id should be public.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericchiang ericchiang ericchiang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rithujohn191 @simonbyrne @ericchiang