Skip to content

Explicitly add email scope for social auth login. #5638

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 18, 2025
Merged

Explicitly add email scope for social auth login. #5638

merged 2 commits into from
Sep 18, 2025

Conversation

robinjhuang
Copy link
Member

@robinjhuang robinjhuang commented Sep 18, 2025
edited by sync-by-unito bot
Loading

Summary

Some users were authenticating successfully but their email addresses weren't being extracted from the Firebase token. This happened because we weren't explicitly requesting the email scope during OAuth authentication.

While Firebase's default configuration includes basic profile info, it doesn't guarantee email access for all account types - particularly Google Workspace accounts with restrictive policies or users with privacy-conscious settings.

Github Scopes

Changes

Adding email scope for Google + Github social OAuth.

Review Focus

N/A

Screenshots (if applicable)

┆Issue is synchronized with this Notion page by Unito

@robinjhuang robinjhuang requested a review from a team as a code owner September 18, 2025 18:26
@dosubot dosubot bot added the size:XS This PR changes 0-9 lines, ignoring generated files. label Sep 18, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 18, 2025
edited
Loading

🎭 Playwright Test Results

All tests passed!

⏰ Completed at: 09/18/2025, 06:50:26 PM UTC

📈 Summary

  • Total Tests: 450
  • Passed: 421 ✅
  • Failed: 0
  • Flaky: 0
  • Skipped: 29 ⏭️

📊 Test Reports by Browser

  • chromium: View Report • ✅ 414 / ❌ 0 / ⚠️ 0 / ⏭️ 29
  • chromium-2x: View Report • ✅ 2 / ❌ 0 / ⚠️ 0 / ⏭️ 0
  • chromium-0.5x: View Report • ✅ 1 / ❌ 0 / ⚠️ 0 / ⏭️ 0
  • mobile-chrome: View Report • ✅ 4 / ❌ 0 / ⚠️ 0 / ⏭️ 0

🎉 Click on the links above to view detailed test results for each browser configuration.

DrJKL
DrJKL previously approved these changes Sep 18, 2025
View reviewed changes
Copy link
Contributor

@DrJKL DrJKL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the mocks in the test need to be updated, but 👍🏻

@DrJKL DrJKL requested a review from a team as a code owner September 18, 2025 18:40
AustinMroz
AustinMroz reviewed Sep 18, 2025
View reviewed changes
Copy link
Collaborator

@AustinMroz AustinMroz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@christian-byrne
Copy link
Contributor

I feel like we should just use uid for the whitelist, but adding extra consent box on sign up isn't too bad for now.

@christian-byrne christian-byrne merged commit a886798 into main Sep 18, 2025
21 checks passed
@christian-byrne christian-byrne deleted the rh-auth-scopes branch September 18, 2025 21:09
christian-byrne pushed a commit that referenced this pull request Sep 18, 2025
@robinjhuang @DrJKL @christian-byrne
Explicitly add email scope for social auth login. (#5638)
c7bbab5 
## Summary

Some users were authenticating successfully but their email addresses
weren't being extracted from the Firebase token. This happened because
we weren't explicitly requesting the email scope during OAuth
authentication.
 
While Firebase's default configuration includes basic profile info, it
doesn't guarantee email access for all account types - particularly
Google Workspace accounts with restrictive policies or users with
privacy-conscious settings.

[Github
Scopes](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)

## Changes

Adding email scope for Google + Github social OAuth.

## Review Focus
N/A

## Screenshots (if applicable)

┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-5638-Explicitly-add-email-scope-for-social-auth-login-2726d73d3650817ab356fc9c04f8641b)
by [Unito](https://www.unito.io)

---------

Co-authored-by: Alexander Brown <[email protected]>
Myestery pushed a commit that referenced this pull request Sep 19, 2025
@robinjhuang @DrJKL @Myestery
Explicitly add email scope for social auth login. (#5638)
19dfc37 
## Summary

Some users were authenticating successfully but their email addresses
weren't being extracted from the Firebase token. This happened because
we weren't explicitly requesting the email scope during OAuth
authentication.
 
While Firebase's default configuration includes basic profile info, it
doesn't guarantee email access for all account types - particularly
Google Workspace accounts with restrictive policies or users with
privacy-conscious settings.

[Github
Scopes](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps)

## Changes

Adding email scope for Google + Github social OAuth.

## Review Focus
N/A

## Screenshots (if applicable)

┆Issue is synchronized with this [Notion
page](https://www.notion.so/PR-5638-Explicitly-add-email-scope-for-social-auth-login-2726d73d3650817ab356fc9c04f8641b)
by [Unito](https://www.unito.io)

---------

Co-authored-by: Alexander Brown <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DrJKL DrJKL DrJKL approved these changes

@AustinMroz AustinMroz AustinMroz approved these changes

@webfiltered webfiltered webfiltered approved these changes

Assignees

@arjansingh arjansingh

@AustinMroz AustinMroz

@christian-byrne christian-byrne

@webfiltered webfiltered

Labels

size:XS This PR changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@robinjhuang @christian-byrne @DrJKL @AustinMroz @webfiltered @arjansingh