Calling \League\OAuth2\Client\Provider\AbstractProvider::getResourceOwner in certain circumstances throws an exception.
When only the 'read:user' scope is configured and the authenticating user does not have a public email, eventually \League\OAuth2\Client\Provider\Github::fetchResourceOwnerDetails is called. The initial response has a $response['email'] = null. This eventually leads to another request to the /emails endpoint. However this endpoint won't load due to the configured scopes.
The following exception is thrown while trying to fulfill the request:
Looks like the relevant recently modified files from #20 #22 lead to this change, perhaps intentionally.
I should be able to use this project without emails?
My desire is to claim that my integration does not collect emails, such that I don't need to have extensive privacy policies and get into less trouble with increasingly common data collection laws.
dpi changed the title from "Cannot login with user:read scope and no public emails" to "Lessen required scopes" on Apr 30, 2023
That is a valid request. TBH, I haven't looked over the relevant changes that closely, but it certainly seems that we have drifted into territory where email has become a (soft) requirement.
If you would like to put together a PR, that would be appreciated. Otherwise, I will get to this when I have free time.
Calling \League\OAuth2\Client\Provider\AbstractProvider::getResourceOwner in certain circumstances throws an exception.
When only the 'read:user' scope is configured and the authenticating user does not have a public email, eventually \League\OAuth2\Client\Provider\Github::fetchResourceOwnerDetails is called. The initial response has a $response['email'] = null. This eventually leads to another request to the /emails endpoint. However this endpoint won't load due to the configured scopes.
The following exception is thrown while trying to fulfill the request:
\League\OAuth2\Client\Provider\Exception\GithubIdentityProviderException
It should be possible to match scopes required to load this endpoint before attempting. As far as I can tell the response doesn't necessarily require emails. Scopes needed: user or user:email per https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes + https://docs.github.com/en/rest/users/emails?apiVersion=2022-11-28#list-email-addresses-for-the-authenticated-user.
The relevant lines for resolving emails were modified in the last 6 months.
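The scope check requested in this issue, sketched as an added example that is not part of the thread and not the library's code: the /emails lookup is skipped unless the token was granted `user` or `user:email`. The function names, the `$fetchEmails` callable standing in for the HTTP request, and the sample data are all hypothetical; it assumes the granted scopes are available as a comma-separated string, such as the `scope` field of GitHub's token response or the `X-OAuth-Scopes` response header.

```php
<?php
declare(strict_types=1);

// Scopes that, per the GitHub docs linked in the issue, allow listing
// the authenticated user's email addresses.
const EMAIL_SCOPES = ['user', 'user:email'];

/** Parse "read:user" or "repo, user:email" into a list of scope names. */
function parseScopes(string $granted): array
{
    $parts = array_map('trim', explode(',', $granted));
    return array_values(array_filter($parts, fn (string $s): bool => $s !== ''));
}

/** True when at least one granted scope permits the /emails request. */
function canListEmails(string $granted): bool
{
    return array_intersect(EMAIL_SCOPES, parseScopes($granted)) !== [];
}

/**
 * Hypothetical helper: fill in $user['email'] from /emails only when the
 * token's scopes permit it; otherwise return the profile with email null.
 * $fetchEmails stands in for the HTTP call to the /emails endpoint.
 */
function resolveEmail(array $user, string $granted, callable $fetchEmails): array
{
    if (($user['email'] ?? null) !== null || !canListEmails($granted)) {
        return $user; // already known, or not allowed to ask
    }
    foreach ($fetchEmails() as $entry) {
        if (!empty($entry['primary']) && !empty($entry['verified'])) {
            $user['email'] = $entry['email'];
            break;
        }
    }
    return $user;
}

// Constructed sample data, not captured from GitHub.
$user = ['login' => 'octocat', 'email' => null];
$emails = fn (): array => [
    ['email' => 'octocat@example.com', 'primary' => true, 'verified' => true],
];
$mustNotRun = function (): array {
    throw new RuntimeException('/emails was requested without a permitting scope');
};

// With only read:user the stub is never invoked, so no exception is raised.
var_dump(resolveEmail($user, 'read:user', $mustNotRun)['email']);
var_dump(resolveEmail($user, 'read:user, user:email', $emails)['email']);
```

With this guard an integration that requests only `read:user` never touches email data, which is the least-privilege behaviour the reporter asks for.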