auth: dynamic request scopes for GitHub OAuth provider

Administrator requested to merge jc/github-oauth-request-scopes-opt-in into master

Created by: unknwon

This PR implements dynamic request scopes for the GitHub OAuth provider, which tries to request the minimum scopes we need. In particular, if `allowOrgs` is not configured, the scope will not include `read:org`, and vice versa.

I manually tested and can confirm that once the scopes are changed (i.e. an admin changed the site configuration), the user could re-sign in to Sourcegraph and see the "Authorize application" page from GitHub to see what new scopes are requested.

Unit tests are also added.

Fixes https://github.com/sourcegraph/sourcegraph/issues/8163.
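
An added sketch of the behaviour described above, not the code from this PR: `read:org` is requested only when `allowOrgs` is set, and a token's granted scopes are compared with the required ones to tell when GitHub will ask the user to authorize again. The function names, the base scope set, and the sample values are assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// baseScopes is an assumed baseline; the PR text does not list the always-requested scopes.
var baseScopes = []string{"repo", "user:email"}

// requestScopes adds read:org only when allowOrgs is configured (least privilege).
func requestScopes(allowOrgs []string) []string {
	scopes := append([]string{}, baseScopes...)
	if len(allowOrgs) > 0 {
		scopes = append(scopes, "read:org")
	}
	sort.Strings(scopes)
	return scopes
}

// missingScopes compares the comma-separated scope list GitHub returns with a token
// against what the config now needs. Exact match only: parent scopes are not expanded.
func missingScopes(granted string, want []string) []string {
	have := map[string]bool{}
	for _, s := range strings.Split(granted, ",") {
		have[strings.TrimSpace(s)] = true
	}
	var missing []string
	for _, s := range want {
		if !have[s] {
			missing = append(missing, s)
		}
	}
	return missing
}

// authorizeURL builds the GitHub authorization URL; the scope parameter is space-delimited.
func authorizeURL(clientID string, scopes []string) string {
	q := url.Values{"client_id": {clientID}, "scope": {strings.Join(scopes, " ")}}
	return "https://github.com/login/oauth/authorize?" + q.Encode()
}

func main() {
	want := requestScopes([]string{"example-org"}) // constructed allowOrgs value
	fmt.Println("re-consent needed for:", missingScopes("repo, user:email", want))
	fmt.Println(authorizeURL("CLIENT_ID_PLACEHOLDER", want))
}
```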
