[LEDE-DEV] [LEDE DEV][wiki] Login with github

Martin Tippmann mt at i3o.de
Sat Oct 1 13:28:49 PDT 2016


On Sat, Oct 1, 2016 at 5:25 PM, Thomas Endt <tmo26 at gmx.de> wrote:
> IIRC it was Martin who proposed to use oAuth to log in to the wiki with
> github credentials.
>
> I installed the oAuth plugin (https://www.dokuwiki.org/plugin:oauth) for
> this purpose and created an oAuth application with my github account for
> testing purposes.
...
> Please let me know your thoughts.

Hi, thanks for setting that up! Works for me but I hope it's possible
to reduce the required permissions for the login. At the moment the
OAuth Plugin gets full read+write access to the profile of the GitHub
account. See the attached screenshot.

At least in GitLab, OAuth for GitHub only requires read-only access to
the E-Mail address. I don't think DokuWiki needs more than that. At the
very least, no write access to the GitHub profile should be allowed.

There seem to be no simple settings in either the plugin or in GitHub
to change that... :/

The problem is here:
https://github.com/cosmocode/dokuwiki-plugin-oauth/blob/d9da59c6500ecb955f2b920b2a6ab85a6737ffab/classes/GithubAdapter.php#L35

SCOPE_USER should not be required here, SCOPE_USER_EMAIL should be
enough. See also here:

https://developer.github.com/v3/oauth/#scopes

Should we just patch the oauth plugin? Is there a way to make this
update-proof?

regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lede-oauth.png
Type: image/png
Size: 44828 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/lede-dev/attachments/20161001/5a9e349c/attachment-0001.png>
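
The scope concern raised in the message above can be checked mechanically. The following is an added example, not part of the original mail and not code from the oauth plugin: it audits the scopes in a GitHub authorize URL (or an `X-OAuth-Scopes` response header) against what an e-mail-only login needs. The sample URLs and client IDs are constructed placeholders; the scope hierarchy follows GitHub's scope documentation linked in the message.

```python
import re
from urllib.parse import urlparse, parse_qs

# Assumption: the wiki login only needs read access to the e-mail address.
LOGIN_ALLOWED = {"user:email"}
# Per GitHub's scope docs, "user" is read/write on the profile and
# includes the narrower user:* scopes.
IMPLIES = {"user": {"read:user", "user:email", "user:follow"}}
PROFILE_WRITE = {"user"}

def split_scopes(value):
    """Split a scope string: spaces in authorize URLs, ', ' in headers."""
    return {s for s in re.split(r"[\s,]+", value.strip()) if s}

def requested_scopes(authorize_url):
    """Collect every scope named in the URL's scope= parameter(s)."""
    scopes = set()
    for value in parse_qs(urlparse(authorize_url).query).get("scope", []):
        scopes |= split_scopes(value)
    return scopes

def audit(scopes, allowed=LOGIN_ALLOWED):
    """Report scopes beyond `allowed`, needed scopes not covered,
    and whether write access to the profile is being requested."""
    effective = set(scopes)
    for s in scopes:
        effective |= IMPLIES.get(s, set())
    return {
        "excess": sorted(scopes - allowed),
        "missing": sorted(allowed - effective),
        "profile_write": bool(scopes & PROFILE_WRITE),
    }

# Constructed sample inputs (client_id values are placeholders).
BROAD = "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=user"
NARROW = "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER&scope=user%3Aemail"
NO_SCOPE = "https://github.com/login/oauth/authorize?client_id=PLACEHOLDER"
HEADER_VALUE = "repo, user"  # shape of an X-OAuth-Scopes header value

if __name__ == "__main__":
    for label, url in (("broad", BROAD), ("narrow", NARROW), ("none", NO_SCOPE)):
        print(label, audit(requested_scopes(url)))
    print("header", audit(split_scopes(HEADER_VALUE)))
```

Running the same audit against the URL the login button actually redirects to after each plugin update shows whether a local scope change has been overwritten.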

