[
https://issues.apache.org/jira/browse/AIRFLOW-386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402821#comment-15402821
]
ASF subversion and git services commented on AIRFLOW-386:
---------------------------------------------------------
Commit a1c4cd92d536f7bf6617d85df4d197d8adf09d3d in incubator-airflow's branch
refs/heads/master from michlyon
[ https://git-wip-us.apache.org/repos/asf?p=incubator-airflow.git;h=a1c4cd9 ]
limit scope to user email only AIRFLOW-386
> limit github enterprise auth user scope
> ---------------------------------------
>
> Key: AIRFLOW-386
> URL: https://issues.apache.org/jira/browse/AIRFLOW-386
> Project: Apache Airflow
> Issue Type: Bug
> Reporter: Michael Lyons
> Assignee: Michael Lyons
> Labels: security
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> The current github enterprise auth code requests read/write access to a user
> profile which is probably not required for simple login?
> The change is pretty straight forward:
> {code}
> request_token_params={'scope': 'user,read:org'},
> {code}
> to
> {code}
> request_token_params={'scope': 'user:email,read:org'},
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
