Authorizing users via GitHub app, missing user emails. #24843
-
We’ve recently switched from an Oauth app to GitHub app for everything, including authenticating in. We noticed that most of the time the user email comes in as nil/undefined. Not all, however, but majority. Any one have an idea of why we could be missing user emails? Do we need a certain setting enabled in our GitHub app configuration? Or do emails not get exposed when user authenticates with our GitHub app? If so, what can we do to regain access to emails? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
There’s “Emails” entry in the GitHub App settings under “Permissions & events” -> “User permissions”. I think, you should set it to read-only. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the reply! I believe the “Emails” permission setting is for accessing user emails via the API call. To clarify, I’m talking about when the user first authorizes/signs-in via the GitHub app, there’s information about the user we get from GitHub (in our case, I also noticed that GitHub now has a Keep my email address private setting in https://github.com/settings/emails but it seems to be unchecked (by default?), unless the user takes action. I suspect that isn’t the cause, as it’s unlikely most of our users enabled that option suddenly. |
Beta Was this translation helpful? Give feedback.
-
If anyone comes across this, I got some help from GitHub via another channel. Here’s the gist: The omniauth-github gem that I’m using is depending on OAuth scopes to determine if it should ask for user emails:
If it doesn’t find the oauth scope it relies on the email found in the user profile which is a different user setting that defaults to not selected. A workaround to this would be to configure omniauth to request |
Beta Was this translation helpful? Give feedback.
If anyone comes across this, I got some help from GitHub via another channel. Here’s the gist:
The omniauth-github gem that I’m using is depending on OAuth scopes to determine if it should ask for user emails:
If it doesn’t find the oauth scope it relies on the email found in the user profile which is a different user setting that defaults to not selected. A workaround to this would be to configure omniauth to request
user:emailscope
. It will be ignored by GitHub as GitHub Apps don’t use scopes but it would triggeromni…