omniauth-github's Introduction

Ruby

OmniAuth GitHub

This is the official OmniAuth strategy for authenticating to GitHub. To use it, you'll need to sign up for an OAuth2 Application ID and Secret on the GitHub OAuth Apps Page.

Installation

gem 'omniauth-github', '~> 2.0.0'

Basic Usage

use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
end

Basic Usage Rails

In config/initializers/github.rb

  Rails.application.config.middleware.use OmniAuth::Builder do
    provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET']
  end

Github Enterprise Usage

provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'],
    {
      :client_options => {
        :site => 'https://github.YOURDOMAIN.com/api/v3',
        :authorize_url => 'https://github.YOURDOMAIN.com/login/oauth/authorize',
        :token_url => 'https://github.YOURDOMAIN.com/login/oauth/access_token',
      }
    }

Scopes

GitHub API v3 lets you set scopes to provide granular access to different types of data:

use OmniAuth::Builder do
  provider :github, ENV['GITHUB_KEY'], ENV['GITHUB_SECRET'], scope: "user,repo,gist"
end

More info on Scopes.
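
Requested scopes are only a request: the user or an organization policy can leave the token with less, and a broad scope such as user also covers narrower ones. The check below is an added example, not part of the gem. It compares the scope string passed to the provider with the scope field of the token response. The IMPLIED_SCOPES table is a partial, assumed subset of GitHub's scope hierarchy, and the token responses are constructed.

```ruby
require 'json'

# Partial map of GitHub OAuth scopes to the narrower scopes they include.
# Assumption: a subset of GitHub's documented scope hierarchy, not data from this gem.
IMPLIED_SCOPES = {
  'repo'      => %w[repo:status repo_deployment public_repo repo:invite security_events],
  'user'      => %w[read:user user:email user:follow],
  'admin:org' => %w[write:org read:org],
  'write:org' => %w[read:org]
}.freeze

# Accepts both the comma-separated form used in the provider config
# and a space-separated form.
def parse_scopes(value)
  value.to_s.split(/[\s,]+/).reject(&:empty?).uniq
end

# Every scope a list effectively covers, including the implied narrower ones.
def effective_scopes(scopes)
  scopes.flat_map { |s| [s] + IMPLIED_SCOPES.fetch(s, []) }.uniq
end

# Returns the requested scopes the token does not cover (:missing) and the
# granted scopes nobody asked for (:excess, a least-privilege warning).
def audit_scopes(requested, token_response_json)
  granted = parse_scopes(JSON.parse(token_response_json)['scope'])
  wanted  = parse_scopes(requested)
  covered = effective_scopes(granted)
  needed  = effective_scopes(wanted)
  {
    missing: wanted.reject { |s| covered.include?(s) },
    excess:  granted.reject { |s| needed.include?(s) }
  }
end

# Constructed token responses (placeholder token values, not real credentials).
PARTIAL_GRANT = '{"access_token":"PLACEHOLDER","scope":"repo,user","token_type":"bearer"}'
BROAD_GRANT   = '{"access_token":"PLACEHOLDER","scope":"user","token_type":"bearer"}'
EMPTY_GRANT   = '{"access_token":"PLACEHOLDER","scope":"","token_type":"bearer"}'

if __FILE__ == $PROGRAM_NAME
  p audit_scopes('user,repo,gist', PARTIAL_GRANT)
  p audit_scopes('user:email', BROAD_GRANT)
  p audit_scopes('user,repo', EMPTY_GRANT)
end
```

An empty :missing list means the token covers what the application asked for; a non-empty :excess list means the token is broader than the configuration needs.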

Semver

This project adheres to Semantic Versioning 2.0.0. Any violations of this scheme are considered to be bugs. All changes will be tracked here.

License

Copyright (c) 2011 Michael Bleigh and Intridea, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

omniauth-github's People

Contributors

adelevie, andrew, benoist, bobbymcwho, cavalle, datadaode, fooforge, gogainda, jasonnoble, jasonschulte, jessieay, kenn, khash, kuboon, laserlemon, mbleigh, mikong, miyagawa, oblakeerickson, okuramasafumi, petergoldstein, rdsoze, ryan-endacott, southpolesteve, spraints, suprnova32, sylvain, tmilewski, volmer, ytkg

omniauth-github's Issues

Follow/mention SemVer compliance in README

Even though SemVer seems a good thing, many projects don't follow it. So I'm on a mission to ask each project to make their SemVer compliance explicit. You can see the responses I received so far at https://wiki.debian.org/Teams/Ruby/UpstreamPledge

Please follow SemVer and if you already do, please mention it in README. This will help in projects like gitlab which currently has ~> 1.1.1 in their Gemfile to relax it to ~> 1.1. Such a change will make maintaining debian packages easier as I can update omniauth-github without having to maintain a patch to gitlab.

How to use omniauth to access users starred repos

I've decided to use this gem in conjunction with the github_api gem. However, I'm not 100% sure how to use the authorization I've received back from github to use the github_api gem. I know Github.new basic_auth: 'user:password' and Github.new oauth_token 'token' but I'm not exactly sure how to get that token as a response. Any help would be appreciated.

OmniAuth v2.0.0

Hello, maintainer of OmniAuth here (and also of this gem 😄 ).

I just wanted to make the maintainers of this gem aware of the discussion that I have opened regarding v2.0.0 of OmniAuth. I invite you to join in and voice any concerns you may have here: omniauth/omniauth#1017

Hybrid authentication doesn't work

Does omniauth-github support hybrid authentication workflow like for example omniauth-facebook? I have a fully independent front-end application which handles authentication/authorization/friendly forwarding and all that stuff. What I would like to do is to window.open http://jch-dev.com:3000/auth/github/callback?code=83062c75a657f7f2d6e8 with redirect_uri set and client_id set. Basically something like this:

var data = {
  client_id: 'my-client-id',
  redirect_uri: 'http://jch-dev.com:3000/auth/github/callback'
};
window.open('//github.com/login/oauth/authorize?' + $.param(data));

This works well and it also redirects back to the server with the code, but then something goes wrong:

Started GET "/auth/github/callback?code=785cdb4262dcaef8b010" for 127.0.0.1 at 2015-08-26 14:33:08 +0200
I, [2015-08-26T14:33:08.139086 #2128]  INFO -- omniauth: (github) Callback phase initiated.
E, [2015-08-26T14:33:09.624436 #2128] ERROR -- omniauth: (github) Authentication failure! invalid_credentials: OAuth2::Error, : 
{"message":"Not Found","documentation_url":"https://developer.github.com/v3"}

OAuth2::Error (: 
{"message":"Not Found","documentation_url":"https://developer.github.com/v3"}):
  oauth2 (1.0.0) lib/oauth2/client.rb:113:in `request'
  oauth2 (1.0.0) lib/oauth2/access_token.rb:107:in `request'

Regular (non-client side) authentication works like a charm. So if I point browser to /auth/github I get the JSON response back from my omniauth-callbacks controller. Can someone please help me?

Why store Github uid rather than username?

I'm up and running and users can sign in with github and all, but looking through the users only the name and uid is stored from github. Would it be more useful to identify the user by their username (which is also unique) rather than the uid? Is there a good reason for storing the uid that I am just missing? Thanks for the clarification
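
An added example, not part of the original question: the difference between keying accounts on the uid and keying them on the username shows up once a GitHub login is renamed and the old login is later held by a different account. The AccountDirectory class and the three auth hashes are constructed for illustration and only mirror the provider, uid and info.nickname fields of the OmniAuth auth hash.

```ruby
# Minimal in-memory account table (illustrative, not the application's model).
Account = Struct.new(:id, :provider, :uid, :nickname)

class AccountDirectory
  def initialize
    @accounts = []
  end

  # Lookup on (provider, uid): the numeric GitHub id stays with the account
  # for its lifetime, so a rename only refreshes the stored display name.
  def sign_in_by_uid(auth)
    uid = auth['uid'].to_s
    account = @accounts.find { |a| a.provider == auth['provider'] && a.uid == uid }
    return create(auth) unless account

    account.nickname = auth['info']['nickname']
    account
  end

  # Lookup on the login name: matches whichever GitHub account holds it today.
  def sign_in_by_nickname(auth)
    nickname = auth['info']['nickname']
    @accounts.find { |a| a.provider == auth['provider'] && a.nickname == nickname } || create(auth)
  end

  private

  def create(auth)
    account = Account.new(@accounts.size + 1, auth['provider'], auth['uid'].to_s, auth['info']['nickname'])
    @accounts << account
    account
  end
end

# Builds a constructed auth hash with only the fields used above.
def auth_hash(uid, nickname)
  { 'provider' => 'github', 'uid' => uid.to_s, 'info' => { 'nickname' => nickname } }
end

# Constructed sign-in sequence.
SIGN_INS = [
  auth_hash(1001, 'octo-alice'),    # first sign-in of GitHub account 1001
  auth_hash(1001, 'alice-renamed'), # same GitHub account after renaming its login
  auth_hash(2002, 'octo-alice')     # different GitHub account now holding the old login
].freeze

# Replays the sequence against a fresh directory and returns the local
# account id each sign-in resolved to.
def replay(lookup)
  directory = AccountDirectory.new
  SIGN_INS.map { |auth| directory.public_send(lookup, auth).id }
end

if __FILE__ == $PROGRAM_NAME
  puts "by uid:      #{replay(:sign_in_by_uid).inspect}"
  puts "by nickname: #{replay(:sign_in_by_nickname).inspect}"
end
```

Keyed on uid, the renamed user keeps local account 1 and the other GitHub account gets its own. Keyed on nickname, the renamed user is split off into a new account and the other GitHub account is signed in to local account 1.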

Deprecation for authentication via URL query parameters

Hi! I've received the following email from GitHub since yesterday:

Subject: [GitHub API] Deprecation notice for authentication via URL query parameters

Hello there!

On February 3rd, 2020 at 23:51 (UTC) your application (*****) used an access token (with the User-Agent Faraday v0.17.3) as part of a query parameter to access an endpoint through the GitHub API.

https://api.github.com/user

Please use the Authorization HTTP header instead as using the `access_token` query parameter is deprecated.

Depending on your API usage, we'll be sending you this email reminder once every 3 days for each token and User-Agent used in API calls made on your behalf.
Just one URL that was accessed with a token and User-Agent combination will be listed in the email reminder, not all.

Visit https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters for more information.

Thanks,
The GitHub Team

See also https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters

I've identified the problem in the following places:

def raw_info
  access_token.options[:mode] = :query
  @raw_info ||= access_token.get('user').parsed
end

def emails
  return [] unless email_access_allowed?
  access_token.options[:mode] = :query
  @emails ||= access_token.get('user/emails', :headers => { 'Accept' => 'application/vnd.github.v3' }).parsed
end

When I try the following monkey patch on my environment, it works! 🎉

class OmniAuth::Strategies::GitHub
  def raw_info
    access_token.options[:mode] = :header
    @raw_info ||= access_token.get('user').parsed
  end

  def emails
    return [] unless email_access_allowed?
    access_token.options[:mode] = :header
    @emails ||= access_token.get('user/emails', :headers => { 'Accept' => 'application/vnd.github.v3' }).parsed
  end
end

Here is the essential change: ⬇️

-access_token.options[:mode] = :query
+access_token.options[:mode] = :header
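
Review bot: the :header assignment is repeated in both raw_info and emails and sits ahead of the ||= memoization, so it runs on every call and the two methods can drift apart. Set the mode once in a shared place (or drop the per-method assignment if the token object already defaults to header mode), and add a spec asserting that the token travels in the Authorization header and never appears in the request URL.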

I don't want to depend on such a monkey-patch in my codebase, so I'm ready to open a new pull request if you could accept the workaround. 😄

Environment

  • Ruby 2.6.5
  • omniauth (1.9.0)
  • omniauth-oauth2 (1.6.0)
  • omniauth-github (1.3.0)

OmniAuth vulnerability found in Gemfile.lock

Recently, I found that there is a vulnerability issue related to omniauth gem that is affecting omniauth-github gem too. I was wondering if there's any proposal to solve this issue?

https://nvd.nist.gov/vuln/detail/CVE-2015-9284

CVE-2015-9284 More information

high severity
Vulnerable versions: <= 1.9.0
Patched version: No fix
The request phase of the OmniAuth Ruby gem is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.

update gem on rubygems.org to support omniauth-oauth2 (~> 1.8)

There was a commit made yesterday 9/16/2022 that updated the gemspec to allow omniauth-oauth2 v1.8 but the gem when required from rubygems still depends on v1.7.1. Referencing the repo works around this but would appreciate an update if possible!👍🏻

Please publish to rubygems

It seems like there are almost two years of changes merged into master that have not been published to rubygems. Is this gem abandoned?

Scope not being passed to GitHub

I was having this problem with the old version of the OmniAuth GitHub plugin and just upgraded to 1.0 and am having the same problem. I can authenticate with GitHub just fine but it's just granting the default scope which is to only have read access to the public scope but I need to access private repos as well.

I'll keep digging through the code and see if I can come up with a patch but I just wanted to make sure I wasn't missing something obvious. Thanks.

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, 'aaa111', 'bbb222', :scope => 'user,repo'
end

Github Enterprise Support

Has anyone got this working with a Github Enterprise install?

I've tried the following:

# Gemfile
gem 'omniauth'
gem 'omniauth-github'

# app/controllers/session_controller.rb
def oauth
  render :text => request.env['omniauth.auth']['info']['nickname'].inspect
end

# config/routes.rb
devise_for :users, :controllers => {:sessions => 'sessions'}, :skip => [:sessions, :registrations] do
  [...]
  get  '/auth/github/callback'   => 'sessions#oauth',   :as => :oauth
end

# config/initializers/omniauth.rb
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, 'ecd8a15.....a93a8e5', 'bb247b3213ea5725.....efa2d0e14643a50f'
end

# Github App settings
Name: OAuth
URL: http://localhost:3000
Callback URL: http://localhost:3000/auth/github/callback

I fire up the server and visit http://localhost:3000/auth/github and it displays my Github username.

Now I want to modify it to use our Github Enterprise server:

# config/initializers/omniauth.rb
module OmniAuth
  module Strategies
    class GitHub
      option :client_options, {
          :site => 'http://localhost:3000',
          :authorize_url => 'https://github.mydomain.com/login/oauth/authorize',
          :token_url => 'https://github.mydomain.com/login/oauth/access_token'
       }
    end
  end
end

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, 'ecd8a15.....a93a8e5', 'bb247b3213ea5725.....efa2d0e14643a50f'
end

When I navigate to /auth/github, I see the following in my development.log:

Started GET "/auth/github" for 127.0.0.1 at Wed Jan 02 19:05:58 -0700 2013
(github) Request phase initiated.
[2013-01-02 19:06:01] INFO  Rails : 

Started GET "/auth/github/callback?code=bb2d7f1ffa23381c6f94&state=d03c0e92ec8b13f1939fea9c47fd6384b3ddd0a77a3b47d2" for 127.0.0.1 at Wed Jan 02 19:06:01 -0700 2013
(github) Callback phase initiated.
[2013-01-02 19:07:02] FATAL Rails : 
Faraday::Error::TimeoutError (execution expired):

What's the proper way to specify Github Enterprise URLs?

Thanks in advance. :)

Authenticating Github works but callback shows failure

I am trying to use OmniAuth Github gem for our service. The service needs to connect to Github and access private and public repos (btw it would be nice if the readme would explain :scope => 'repo'). The problem I have, is that we can establish the connection to Github, but we receive an error on our backend. So the redirect to Github works, the click on 'Allow' establishes the connection, BUT we receive a failure.

Here is my configuration:

production.rb

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :github, ENV['GITHUB_CLIENT_ID'], ENV['GITHUB_CLIENT_SECRET'], :scope => "repo"
end

routes.rb

  #omniauth
  match '/auth/failure', :to => 'omni_auth#failure'
  match '/auth/:provider/callback', :to => 'omni_auth#callback'

github_auth_controller.rb

class GithubAuthTokensController < AuthorizationController
  authorize_resource :project

  def new
    origin_url = CGI::escape(project_github_auth_tokens_path)
    redirect_to "/auth/github?origin=#{origin_url}"
  end

  def create
    if session[:omniauth] == false
      flash_error "github_service.create.flash.failure"
    else
      access_token = session[:omniauth]["credentials"]["token"]
      UserServiceData.save_access_token!(current_project, ServiceProvider.github, access_token)
      flash_success "github_service.create.flash.success"
    end

  rescue Exception => e
    flash_error e.message
  ensure
    redirect_to project_service_hooks_path(:user_url => current_project.owner.url, :project_id => current_project.to_param)
  end
end
#this controller is used to redirect to the origin url after oauth authentication
class OmniAuthController < ApplicationController
  def callback
    session[:omniauth] = auth_hash
    redirect_to origin_url_on_success || '/'
  end

  def failure
    puts "params #{params}"
    puts "FAILURE FAILURE '#{origin_url_on_failure}'"
    session[:omniauth] = false
    redirect_to origin_url_on_failure || '/'
  end

  def auth_hash
    request.env['omniauth.auth']
  end

  def origin_url_on_success
    request.env['omniauth.origin']
  end

  def origin_url_on_failure
    request.env['rack.session']['omniauth.origin']
  end
end

I am really stuck on this problem. I forked OmniAuth, OAuth, ... just to add some put statements, but I don't figure out the problem. Here is the output from the put statements (I altered of course the credentials):

2011-11-13T12:57:45+00:00 app[web.1]: 
2011-11-13T12:57:47+00:00 app[web.1]: cache: [GET /hemju/linguist/github_auth_tokens/new] miss
2011-11-13T12:57:47+00:00 heroku[router]: GET app.lingui.st/hemju/linguist/github_auth_tokens/new dyno=web.1 queue=0 wait=0ms service=1400ms status=302 bytes=152
2011-11-13T12:57:47+00:00 heroku[nginx]: 127.0.0.1 - - [13/Nov/2011:04:57:47 -0800] "GET /hemju/linguist/github_auth_tokens/new HTTP/1.0" 302 152 "https://app.lingui.st/hemju/linguist/service_hooks" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:47+00:00 heroku[nginx]: 10.202.85.124 - - [13/Nov/2011:04:57:47 -0800] "GET /hemju/linguist/github_auth_tokens/new HTTP/1.1" 302 152 "https://app.lingui.st/hemju/linguist/service_hooks" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:47+00:00 app[web.1]: 
2011-11-13T12:57:47+00:00 app[web.1]: 
2011-11-13T12:57:47+00:00 app[web.1]: Started GET "/auth/github?origin=%2Fhemju%2Flinguist%2Fgithub_auth_tokens" for 10.202.85.124 at 2011-11-13 12:57:47 +0000
2011-11-13T12:57:47+00:00 app[web.1]: cache: [GET /auth/github?origin=%2Fhemju%2Flinguist%2Fgithub_auth_tokens] miss
2011-11-13T12:57:47+00:00 heroku[router]: GET app.lingui.st/auth/github dyno=web.1 queue=0 wait=0ms service=91ms status=302 bytes=174
2011-11-13T12:57:47+00:00 heroku[nginx]: 127.0.0.1 - - [13/Nov/2011:04:57:47 -0800] "GET /auth/github?origin=%2Fhemju%2Flinguist%2Fgithub_auth_tokens HTTP/1.0" 302 174 "https://app.lingui.st/hemju/linguist/service_hooks" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:47+00:00 heroku[nginx]: 10.202.85.124 - - [13/Nov/2011:04:57:47 -0800] "GET /auth/github?origin=%2Fhemju%2Flinguist%2Fgithub_auth_tokens HTTP/1.1" 302 174 "https://app.lingui.st/hemju/linguist/service_hooks" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: Started GET "/auth/github/callback?code=1ef746534288a4d76ad1" for 10.202.85.124 at 2011-11-13 12:57:52 +0000
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: OAUTH2#CALLBACK PHASE
2011-11-13T12:57:52+00:00 app[web.1]: body #<StringIO:0x00000006f80f60>
2011-11-13T12:57:52+00:00 app[web.1]: params {"code"=>"1ef743432988a4d76ad1"}
2011-11-13T12:57:52+00:00 app[web.1]: error 
2011-11-13T12:57:52+00:00 app[web.1]: reason 
2011-11-13T12:57:52+00:00 app[web.1]: 1
2011-11-13T12:57:52+00:00 app[web.1]: CLIENT #GET_TOKEN
2011-11-13T12:57:52+00:00 heroku[router]: GET app.lingui.st/auth/github/callback dyno=web.1 queue=0 wait=0ms service=87ms status=302 bytes=20
2011-11-13T12:57:52+00:00 heroku[nginx]: 127.0.0.1 - - [13/Nov/2011:04:57:52 -0800] "GET /auth/github/callback?code=1ef944212988a4d76ad1 HTTP/1.0" 302 20 "https://github.com/login/oauth/authorize?response_type=code&client_id=af123f0e0b1372e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:52+00:00 heroku[nginx]: 10.202.85.124 - - [13/Nov/2011:04:57:52 -0800] "GET /auth/github/callback?code=1ef746512988a4d76ad1 HTTP/1.1" 302 20 "https://github.com/login/oauth/authorize?response_type=code&client_id=af023f342a1372e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: Started GET "/auth/failure?message=invalid_credentials" for 10.202.85.124 at 2011-11-13 12:57:52 +0000
2011-11-13T12:57:52+00:00 app[web.1]: params {"message"=>"invalid_credentials", "controller"=>"omni_auth", "action"=>"failure"}
2011-11-13T12:57:52+00:00 app[web.1]: FAILURE FAILURE ''
2011-11-13T12:57:52+00:00 app[web.1]: cache: [GET /auth/failure?message=invalid_credentials] miss
2011-11-13T12:57:52+00:00 heroku[router]: GET app.lingui.st/auth/failure dyno=web.1 queue=0 wait=0ms service=19ms status=302 bytes=113
2011-11-13T12:57:52+00:00 heroku[nginx]: 127.0.0.1 - - [13/Nov/2011:04:57:52 -0800] "GET /auth/failure?message=invalid_credentials HTTP/1.0" 302 113 "https://github.com/login/oauth/authorize?response_type=code&client_id=af023f0e0b1123e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:52+00:00 heroku[nginx]: 10.202.85.124 - - [13/Nov/2011:04:57:52 -0800] "GET /auth/failure?message=invalid_credentials HTTP/1.1" 302 113 "https://github.com/login/oauth/authorize?response_type=code&client_id=af023f0e012332e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: 
2011-11-13T12:57:52+00:00 app[web.1]: Started GET "/" for 10.202.85.124 at 2011-11-13 12:57:52 +0000
2011-11-13T12:58:00+00:00 heroku[nginx]: 127.0.0.1 - - [13/Nov/2011:04:58:00 -0800] "GET / HTTP/1.0" 200 2952 "https://github.com/login/oauth/authorize?response_type=code&client_id=af023f0e0b23452e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:58:00+00:00 heroku[nginx]: 10.202.85.124 - - [13/Nov/2011:04:58:00 -0800] "GET / HTTP/1.1" 200 2952 "https://github.com/login/oauth/authorize?response_type=code&client_id=af023f0e0b243432e94367&redirect_uri=https%3A%2F%2Fapp.lingui.st%2Fauth%2Fgithub%2Fcallback&scope=repo" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2" app.lingui.st
2011-11-13T12:58:00+00:00 app[web.1]: cache: [GET /] miss

wishlist: port spec suite to RSpec3

hi,

Could you consider switching to RSpec3?
for basic support:

  • replace stub in let{} by double
  • replace mock by double
  • replace stub! by stub

Cheers

Empty results on token

Hi, I'm making an app which uses the omniauth-github gem to generate a user token with user and admin:org scope.
It's giving me empty results when I try to fetch an organization's members.
This is the curl request I'm sending, with the token generated using the gem -
curl -u shreyaq3:<omniauth token> https://api.github.com/orgs/org_id/members
And this is the response -
[ ]
I'm pretty sure that the scopes are correct.

I'm using setup phase in omniauth to dynamically set the client id and secret

Rails.application.config.middleware.use OmniAuth::Builder do
   provider :github, setup: true, scope: "user,read:org,write:org,admin:org"
end

def setup
  request.env['omniauth.strategy'].options[:client_id] = app_id
  request.env['omniauth.strategy'].options[:client_secret] = app_secret
end

However when I manually create a token for the same scope using github's token generation tool, I get correct results
This is request -
curl -u shreyaq3:<github token> https://api.github.com/orgs/org_id/members
Response -

[
  {
    "login": "xxx",
    "id": yyy,
    ....
    "type": "User",
    "site_admin": false
  }
]

Could you tell me what I am missing? Is there something wrong with the token or perhaps I'm missing a step in authentication?

Not working anymore for new sessions

When trying to log in I'm now getting the following response:

{
  "message":"Must specify access token via Authorization header. https://developer.github.com/changes/2020-02-10-deprecating-auth-through-query-param",
  "documentation_url":"https://docs.github.com/v3/#oauth2-token-sent-in-a-header"
}

ReadME doesn't mention gemfile

ReadMe would be more clear to the setup and purpose of this repo if it mentioned to include gem 'omniauth-github' in the gemfile.

Auth fails when no scope specified

For some reason authentication always fails after "allowing" github, but not when I specify scope: "user". This is the error message that I get:

ERROR -- omniauth: (github) Authentication failure! invalid_credentials: OAuth2::Error, : {"message":"Not Found"}

However, Github is posting to my callback URL:

/auth/github/callback?code=HASH123

Looking through the stacktrace, it looks like this file is having the problem:

# Line 46: lib/omniauth/strategies/github.rb
@emails ||= access_token.get('/user/emails').parsed

I'm not sure if this is an error on my part or a bug. Just thought I'd mention it.

The redirect_uri MUST match the registered callback URL for this application.

Hi there,

I'm trying to get this thing to work and for some reason it just will not. It's passing a redirect_uri param like http://localhost:3000/auth/github/callback?code=...&state=... and on the integration page the callback url is listed as http://localhost:3000/auth/github/callback. Has anyone ever hit this error?

When user is not already logged into GitHub, they are not redirected to callback URL

I'm not sure what the source of the issue is. Everything works fine when a user is already logged in to GitHub, but if they are prompted to log in, the redirect is to github.com instead. In case the login parameters might help diagnose the problem, here they are:

?return_to=%2Flogin%2Foauth%2Fauthorize%3Fclient_id%3D81132bde02e11f7f2e67%26redirect_uri%3Dhttp%253A%252F%252Flansingcodelab.com%252Fauth%252Fgithub%252Fcallback%26response_type%3Dcode%26scope%3Duser%253Aemail%252Cnotifications%252Cpublic_repo%26state%3Dde3ea4e1be77b433b392ce879ae075f85dfd25d5cacd37cc

Warning Generated by requiring gem

Requiring the 'omniauth-github' gem causes this warning:

WARN -- : You are setting a key that conflicts with a built-in method OmniAuth::AuthHash::InfoHash#name defined at /Users/jgnagy/.rvm/gems/ruby-2.3.1/gems/omniauth-1.3.2/lib/omniauth/auth_hash.rb:34. This can cause unexpected behavior when accessing the key via as a property. You can still access the key via the #[] method.

I believe this is caused by this line:

https://github.com/intridea/omniauth-github/blob/master/lib/omniauth/strategies/github.rb#L32

Perhaps call it something other than name in the info hash?

Release a new version

It would be awesome if you could release a new version of this gem that includes the feature that prefers the primary github email if it has access to retrieve it.

Thanks!

push to rubygems

Would you push new version to rubygems.org? The latest version on rubygems.org is 1.1.2 April 10, 2014. Thanks.

User's organization list not populated

Hi. Thanks for a great piece of code. Got it working without a hitch.

My scope clause is set to:

scope: "user,repo,gist,read:org"

However, the only thing I'm getting back that looks like an org list is as follows

{
  "provider": .....
  "info":{
    .....
    }
  },
  "credentials":{
   .....
  },
  "extra":{
    "raw_info":{
       ....
      "organizations_url":"https://api.github.com/users/...user.../orgs",
       ... 
    }
  }
}

Then, if I visit that url, I get an empty array []?

Any ideas on how to get a populated org list into the create_with_omniauth() callback?

Thanks for your time?

CSRF detected

I'm using omniauth-github 1.1.2 with Sinatra. In development mode (application callback points to http://localhost:3000/auth/github/callback) I'm not able to authorize due to the error:

(github) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected
(github) Authentication failure! invalid_credentials: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected

It happens only in Chrome, in Firefox everything works fine.

The related code:

use OmniAuth::Builder do
  provider :github, '11111', '22222222', scope: 'user:email'
end
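
An added example, not part of the original report and not the gem's code: a simplified model of the state check that produces csrf_detected. The request phase stores a random state in the session and the callback accepts only a callback carrying that same value. The session key name, the helper names and all sample values are assumptions made for the illustration, and it shows when the check fails rather than diagnosing this report.

```ruby
require 'securerandom'
require 'uri'

AUTHORIZE_URL = 'https://github.com/login/oauth/authorize'

# Constant-time comparison so a mismatch does not reveal how many leading
# characters were correct.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Request phase: mint a random state, bind it to the session, and send the
# browser to the authorize URL carrying the same value.
def request_phase(session, client_id:, redirect_uri:, scope:)
  state = SecureRandom.hex(24)
  session['omniauth.state'] = state # assumed key name
  query = URI.encode_www_form(client_id: client_id, redirect_uri: redirect_uri,
                              scope: scope, state: state)
  "#{AUTHORIZE_URL}?#{query}"
end

# Callback phase: the stored state is single use and must equal the returned one.
def callback_phase(session, params)
  expected = session.delete('omniauth.state').to_s
  received = params['state'].to_s
  return :csrf_detected if expected.empty? || received.empty? || !secure_equal?(expected, received)
  return :missing_code if params['code'].to_s.empty?

  :ok
end

# Extracts the state the provider would echo back from an authorize URL.
def state_from(authorize_url)
  URI.decode_www_form(URI(authorize_url).query).to_h['state']
end

# Runs constructed callbacks through the check and returns each outcome.
def run_scenarios
  opts = { client_id: 'CLIENT_ID_PLACEHOLDER',
           redirect_uri: 'http://localhost:3000/auth/github/callback',
           scope: 'user:email' }
  code = 'constructed-code'
  results = {}

  session = {}
  state = state_from(request_phase(session, **opts))
  results[:same_session] = callback_phase(session, 'code' => code, 'state' => state)
  # Second callback with the same state: the stored value was already consumed.
  results[:replayed] = callback_phase(session, 'code' => code, 'state' => state)

  # The callback arrives without the session that started the flow
  # (for example the session cookie was not sent back).
  state = state_from(request_phase({}, **opts))
  results[:session_lost] = callback_phase({}, 'code' => code, 'state' => state)

  # The authorize URL was built outside the request phase, so no state exists.
  results[:no_request_phase] = callback_phase({}, 'code' => code)

  # The returned state differs from the stored one in every character.
  session = {}
  state = state_from(request_phase(session, **opts))
  altered = state.tr('0-9a-f', '1-9a-f0')
  results[:altered_state] = callback_phase(session, 'code' => code, 'state' => altered)
  results
end

puts run_scenarios.inspect if __FILE__ == $PROGRAM_NAME
```

Only the callback that returns to the session that started the flow, with the unmodified state, is accepted; every other path ends in csrf_detected.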

No emails are returned

Hey,

first of all, thank you so much for omniauth-github it makes it so easy to integrate oauth!

I have 3 email addresses configured on my account and they are not private. since the last version bump

  • auth_hash['info']['email'] is nil,
  • auth_hash['extra']['all_emails'] is []
  • auth_hash['extra']['raw_info']['email'] contains my primary email.

anything I can help with debugging?

Setup automated testing

Would be good to have travis-ci or circle ci run the test suite on pull requests and master after merges.

Support for expiring access tokens

When expiring access tokens are enabled a refresh_token and refresh_token_expires_in are returned. Can the refresh_token_expires_in be added to the credentials hash?

https://docs.github.com/en/developers/apps/building-github-apps/identifying-and-authorizing-users-for-github-apps#response

{
  "access_token": "ghu_16C7e42F292c6912E7710c838347Ae178B4a",
  "expires_in": 28800,
  "refresh_token": "ghr_1B4a2e77838347a7E420ce178F2E7c6912E169246c34E1ccbF66C46812d16D5B1A9Dc86A1498",
  "refresh_token_expires_in": 15811200,
  "scope": "",
  "token_type": "bearer"
}

Can you please tag a new release?

Given the issues with getting access to Rubygems, we're switching to using a git source.

I'd rather not fetch from the master branch, so are you able to tag a new release which includes the changes in #84 ?
