github organization and team authorization with docker not working

[pyromaniac3010]

Describe the issue

Hello,

I tried to setup github authentication with the docker images and the following environment variables:

      WEBLATE_SOCIAL_AUTH_GITHUB_ORG_NAME: <org-name>
      WEBLATE_SOCIAL_AUTH_GITHUB_ORG_KEY: <org-key>
      WEBLATE_SOCIAL_AUTH_GITHUB_ORG_SECRET: <org-secret>
      WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_KEY: <team-key>
      WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_SECRET: <team-secret>
      WEBLATE_SOCIAL_AUTH_GITHUB_TEAM_ID: <team-id>

But nothing really worked.
I found out the hard way that the documentation https://docs.weblate.org/en/latest/admin/auth.html#github-authentication does not provide the correct callback URLs for organizations (should be https://example.com/accounts/complete/github-org/ and teams (should be https://example.com/accounts/complete/github-teams/).
After fixing that, I always get the error message "Handled exception: AuthFailed: Authentication failed: User doesn't belong to the organization"
I think the github scope is not correctly set in the docker-image as the github auth screen only shows "Public data only
Limited access to your public data".

I already tried

• I've read and searched the documentation.
• I've searched for similar issues in this repository.

Steps to reproduce the behavior

Try to setup an organization or teams authentication with github.com

Expected behavior

There should be no errors for members of the organization / team.

Screenshots

Exception traceback

No response

How do you run Weblate?

Docker container

Weblate versions

weblate@c009c6dca2de:/$ weblate list_versions

• Weblate: 4.10.1
• Django: 4.0
• siphashc: 2.1
• translate-toolkit: 3.5.1
• lxml: 4.7.1
• Pillow: 8.4.0
• bleach: 4.1.0
• python-dateutil: 2.8.2
• social-auth-core: 4.1.0
• social-auth-app-django: 5.0.0
• django-crispy-forms: 1.13.0
• oauthlib: 3.1.1
• django-compressor: 3.1
• djangorestframework: 3.13.1
• django-filter: 21.1
• django-appconf: 1.0.5
• user-agents: 2.2.0
• filelock: 3.4.0
• setuptools: 60.0.4
• jellyfish: 0.8.9
• openpyxl: 3.0.9
• celery: 5.2.1
• kombu: 5.2.2
• translation-finder: 2.10
• weblate-language-data: 2021.7
• html2text: 2020.1.16
• pycairo: 1.20.1
• pygobject: 3.42.0
• diff-match-patch: 20200713
• requests: 2.26.0
• django-redis: 5.2.0
• hiredis: 2.0.0
• sentry_sdk: 1.5.1
• Cython: 0.29.26
• misaka: 2.1.1
• GitPython: 3.1.24
• borgbackup: 1.1.17
• pyparsing: 3.0.6
• pyahocorasick: 1.4.2
• python-redis-lock: 3.7.0
• Python: 3.10.1
• Git: 2.30.2
• psycopg2: 2.9.2
• psycopg2-binary: 2.9.2
• phply: 1.2.5
• chardet: 4.0.0
• ruamel.yaml: 0.17.17
• tesserocr: 2.5.2
• akismet: 1.1
• boto3: 1.20.26
• zeep: 4.1.0
• aeidon: 1.10.1
• iniparse: 0.5
• mysqlclient: 2.1.0
• Mercurial: 6.0
• git-svn: 2.30.2
• git-review: 2.2.0
• Redis server: 6.2.6
• PostgreSQL server: 13.5
• Database backends: django.db.backends.postgresql
• Cache backends: default:RedisCache, avatar:FileBasedCache
• Email setup: django.core.mail.backends.smtp.EmailBackend: email-smtp.eu-west-1.amazonaws.com
• OS encoding: filesystem=utf-8, default=utf-8
• Celery: redis://cache:6379/1, redis://cache:6379/1, regular
• Platform: Linux 4.14.243-185.433.amzn2.x86_64 (x86_64)

Weblate deploy checks

No response

Additional context

No response

[github-actions]

This issue looks more like a support question than an issue. We strive to answer these reasonably fast, but purchasing the support subscription is not only more responsible and faster for your business but also makes Weblate stronger.

In case your question is already answered, making a donation is the right way to say thank you!

[github-actions]

This issue has been automatically marked as stale because there wasn’t any recent activity.

It will be closed soon if no further action occurs.

Thank you for your contributions!

[pyromaniac3010]

Will this bug be fixed?

[nijel]

I found out the hard way that the documentation https://docs.weblate.org/en/latest/admin/auth.html#github-authentication does not provide the correct callback URLs for organizations (should be https://example.com/accounts/complete/github-org/ and teams (should be https://example.com/accounts/complete/github-teams/).

That does not mention teams or org authentication at all. It does not include their configuration as well. Patches are welcome.

I think the github scope is not correctly set in the docker-image as the github auth screen only shows "Public data only Limited access to your public data".

This seems correct, Weblate currently uses OAuth2 only for authentication, not for repositories access.

Maybe @jezdez who authored f2c84dc might have a hint here?

[github-actions]

This issue has been automatically marked as stale because there wasn’t any recent activity.

It will be closed soon if no further action occurs.

Thank you for your contributions!

[github-actions]

Thank you for your report; the issue you have reported has just been fixed.

• In case you see a problem with the fix, please comment on this issue.
• In case you see a similar problem, please open a separate issue.
• If you are happy with the outcome, don’t hesitate to support Weblate by making a donation.