[ https://issues.apache.org/jira/browse/AIRFLOW-386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402821#comment-15402821 ]
ASF subversion and git services commented on AIRFLOW-386:
---------------------------------------------------------

Commit a1c4cd92d536f7bf6617d85df4d197d8adf09d3d in incubator-airflow's branch refs/heads/master from michlyon
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=a1c4cd9 ]

limit scope to user email only AIRFLOW-386

> limit github enterprise auth user scope
> ---------------------------------------
>
> Key: AIRFLOW-386
> URL: https://issues.apache.org/jira/browse/AIRFLOW-386
> Project: Apache Airflow
> Issue Type: Bug
> Reporter: Michael Lyons
> Assignee: Michael Lyons
> Labels: security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> The current github enterprise auth code requests read/write access to a user
> profile which is probably not required for simple login?
> The change is pretty straight forward:
> {code}
> request_token_params={'scope': 'user,read:org'},
> {code}
> to
> {code}
> request_token_params={'scope': 'user:email,read:org'},
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
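
The scope change described in the issue above can be checked mechanically, for example in a configuration review. The following is an added example, not code from Airflow or from the commit; the `PARENT_OF` table is a partial scope hierarchy assumed from GitHub's OAuth scope documentation, and `parse_scopes`, `covers` and `audit` are hypothetical names.

```python
import re

# Assumption: partial GitHub OAuth scope hierarchy (child -> parent), per
# GitHub's public scope documentation. Not part of the Airflow code base.
PARENT_OF = {
    "read:user": "user",
    "user:email": "user",
    "user:follow": "user",
    "read:org": "write:org",
    "write:org": "admin:org",
}


def parse_scopes(scope_string):
    """Split a scope string on commas or whitespace into a set."""
    return {s for s in re.split(r"[,\s]+", scope_string) if s}


def covers(granted, needed):
    """True if `granted` is `needed` itself or one of its ancestors."""
    while needed != granted and needed in PARENT_OF:
        needed = PARENT_OF[needed]
    return needed == granted


def audit(requested, required):
    """Compare requested scopes with the minimum the login flow needs.

    Returns (findings, missing): findings lists requested scopes that are
    broader than needed or not needed at all; missing lists required
    scopes that nothing in the request grants.
    """
    req, need = parse_scopes(requested), parse_scopes(required)
    findings = []
    for scope in sorted(req - need):
        narrower = sorted(n for n in need if covers(scope, n))
        findings.append((scope, "over-broad" if narrower else "unneeded", narrower))
    missing = sorted(n for n in need if not any(covers(r, n) for r in req))
    return findings, missing


if __name__ == "__main__":
    # Values from the issue: the scope before and after the change.
    minimum = "user:email,read:org"
    for label, scope in (("before", "user,read:org"), ("after", minimum)):
        print(label, audit(scope, minimum))
```
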