Minimum scope to only request a username (nickname) #77

Closed
aiwaiwa opened this issue May 21, 2023 · 2 comments
@aiwaiwa
Contributor

aiwaiwa commented May 21, 2023

Problem Statement

Hello! Thank you for the great library!
I'm trying to achieve an authentication of GitHub users without fishing for their emails.

I've gone through all kinds of scopes, and found this note in the README:

> For a read-only scope, either use "user:email" or an empty scope "". See more at
> [GitHub's OAuth Documentation](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps/).

So I went ahead and tried the "" scope, which is supposedly giving me what I'm aiming for:

```elixir
config :ueberauth, Ueberauth,
  providers: [
    github:
      {Ueberauth.Strategy.Github,
       [
         # default_scope: "user:email",
         # default_scope: "user,public_repo",
         default_scope: "",
         callback_path: "/auth/github/callback"
       ]}
  ]
```

But during authentication, the following `Unable to access the user's email address` error is unfortunately raised:

```
iex> [error] #PID<0.918.0> running Phoenix.Endpoint.SyncCodeReloadPlug (connection #PID<0.856.0>, stream id 4) terminated
Server: 127.0.0.1:4000 (http)
Request: GET /auth/github/callback?code=_____REPLACED____&state=_____REPLACED____
** (exit) an exception was raised:
    ** (RuntimeError) Unable to access the user's email address
        (ueberauth_github 0.8.2) lib/ueberauth/strategy/github.ex:226: Ueberauth.Strategy.Github.fetch_email!/2
        (ueberauth_github 0.8.2) lib/ueberauth/strategy/github.ex:178: Ueberauth.Strategy.Github.info/1
        (ueberauth 0.10.5) lib/ueberauth/strategy.ex:349: Ueberauth.Strategy.auth/2
        (phoenix 1.7.2) lib/phoenix/router.ex:421: Phoenix.Router.__call__/5
```

Is there anything else I need to do? Is it feasible?

Solution Brainstorm

No response

@yordis
Member

yordis commented May 21, 2023

It was intentional to expect the email:

```elixir
defp fetch_email!(user, allow_private_emails) do
  user["email"] ||
    get_primary_email!(user) ||
    get_private_email!(user, allow_private_emails) ||
    raise "Unable to access the user's email address"
end
```

So the code needs to be updated.

It's still trying to figure out why it was done that way, but it's prudent to try to figure out the Why behind it. Ideally, the email is not required in the Ueberauth layer itself, and it is OK to accept nil.

PR welcome 🙏🏻

@aiwaiwa
Contributor Author

aiwaiwa commented May 26, 2023

Thank you for your trust :D Nothing really crazy there, I just gave it a shot with nil for the email field and the whole workflow seems to simply digest it. Not saying that there might not be any hidden aftereffects!

@yordis yordis closed this as completed May 27, 2023
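
One way application code can tolerate the nil email discussed in this thread is to key the account on provider and uid rather than on email. This is an added example, not code from ueberauth_github or from the participants; the module name `MinimalScopeAccount` and the sample maps are hypothetical, and plain maps stand in for `%Ueberauth.Auth{}` so the script runs without dependencies.

```elixir
# Added example: not code from ueberauth_github. Plain maps stand in for
# %Ueberauth.Auth{} (fields provider, uid, info) so this runs as a script.
defmodule MinimalScopeAccount do
  @doc """
  Builds account attributes from an auth result that may lack an email.
  The identity key is {provider, uid}; email is optional profile data.
  """
  def from_auth(%{provider: provider, uid: uid, info: info})
      when not is_nil(uid) do
    {:ok,
     %{
       identity: {provider, to_string(uid)},
       nickname: Map.get(info, :nickname),
       email: normalize_email(Map.get(info, :email))
     }}
  end

  # Without a uid there is nothing stable to key the account on.
  def from_auth(_auth), do: {:error, :missing_uid}

  # nil and blank strings both mean "no email was shared".
  defp normalize_email(nil), do: nil

  defp normalize_email(email) when is_binary(email) do
    case String.trim(email) do
      "" -> nil
      trimmed -> trimmed
    end
  end
end

# Constructed sample inputs (not real GitHub responses).
with_email = %{provider: :github, uid: 1001,
               info: %{nickname: "octo-example", email: "octo@example.com"}}
empty_scope = %{provider: :github, uid: 1002,
                info: %{nickname: "private-example", email: nil}}
no_uid = %{provider: :github, uid: nil, info: %{nickname: "broken", email: nil}}

{:ok, a} = MinimalScopeAccount.from_auth(with_email)
{:ok, b} = MinimalScopeAccount.from_auth(empty_scope)
{:error, :missing_uid} = MinimalScopeAccount.from_auth(no_uid)

IO.inspect(a, label: "with email")
IO.inspect(b, label: "empty scope")
```

Any uniqueness constraint or account-linking logic that assumes a non-nil email needs the same treatment, since several accounts may now share `email: nil`.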