Authorizing users via GitHub app, missing user emails. #24843

gylaz · 2019-07-03T17:30:02Z

gylaz
Jul 3, 2019

We’ve recently switched from an Oauth app to GitHub app for everything, including authenticating in.

We noticed that most of the time the user email comes in as nil/undefined. Not all, however, but majority.

Any one have an idea of why we could be missing user emails? Do we need a certain setting enabled in our GitHub app configuration? Or do emails not get exposed when user authenticates with our GitHub app? If so, what can we do to regain access to emails?

Answered by gylaz

Sep 26, 2019

If anyone comes across this, I got some help from GitHub via another channel. Here’s the gist:

The omniauth-github gem that I’m using is depending on OAuth scopes to determine if it should ask for user emails:

def email_access_allowed?
return false unless options['scope']
email_scopes = ['user', 'user:email']
scopes = options['scope'].split(',')
(scopes & email_scopes).any?
end

If it doesn’t find the oauth scope it relies on the email found in the user profile which is a different user setting that defaults to not selected. A workaround to this would be to configure omniauth to request user:emailscope. It will be ignored by GitHub as GitHub Apps don’t use scopes but it would trigger omni…

View full answer

webknjaz · 2019-07-04T15:23:53Z

webknjaz
Jul 4, 2019

There’s “Emails” entry in the GitHub App settings under “Permissions & events” -> “User permissions”. I think, you should set it to read-only.

0 replies

gylaz · 2019-07-04T15:54:08Z

gylaz
Jul 4, 2019
Author

Thanks for the reply! I believe the “Emails” permission setting is for accessing user emails via the API call.

To clarify, I’m talking about when the user first authorizes/signs-in via the GitHub app, there’s information about the user we get from GitHub (in our case, omniauth.auth in the Rails request hash). What’s odd, is we still get emails for some users after the login, but for most emails are missing. This seems to have started happening after we switched from Oauth app to GitHub app (early June, if some additional GitHub feature was released at that time).

I also noticed that GitHub now has a Keep my email address private setting in https://github.com/settings/emails but it seems to be unchecked (by default?), unless the user takes action. I suspect that isn’t the cause, as it’s unlikely most of our users enabled that option suddenly.

0 replies

gylaz · 2019-09-26T05:13:45Z

gylaz
Sep 26, 2019
Author

If anyone comes across this, I got some help from GitHub via another channel. Here’s the gist:

The omniauth-github gem that I’m using is depending on OAuth scopes to determine if it should ask for user emails:

def email_access_allowed?
return false unless options['scope']
email_scopes = ['user', 'user:email']
scopes = options['scope'].split(',')
(scopes & email_scopes).any?
end

If it doesn’t find the oauth scope it relies on the email found in the user profile which is a different user setting that defaults to not selected. A workaround to this would be to configure omniauth to request user:emailscope. It will be ignored by GitHub as GitHub Apps don’t use scopes but it would trigger omniauth to hit the user/emails API. Still need to request the user emails permission mentioned in this forum post.

1 reply

jclusso Sep 1, 2023

The scope is user:email not user:emailscope.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Authorizing users via GitHub app, missing user emails. #24843

{{title}}

Replies: 3 comments 1 reply

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

GitHub Community

Authorizing users via GitHub app, missing user emails. #24843

gylaz Jul 3, 2019

Replies: 3 comments · 1 reply

webknjaz Jul 4, 2019

gylaz Jul 4, 2019 Author

gylaz Sep 26, 2019 Author

jclusso Sep 1, 2023

gylaz
Jul 3, 2019

Replies: 3 comments 1 reply

webknjaz
Jul 4, 2019

gylaz
Jul 4, 2019
Author

gylaz
Sep 26, 2019
Author