Documentation/github-connector: warn user that GitHub email id should be public. #972
Conversation
Documentation/github-connector.md
Outdated
| @@ -8,7 +8,7 @@ When a client redeems a refresh token through dex, dex will re-query GitHub to u | |||
|
|
|||
| ## Configuration | |||
|
|
|||
| Register a new application with [GitHub][github-oauth2] ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`. | |||
| Register a new application with [GitHub][github-oauth2] ensuring the callback URL is `(dex issuer)/callback`. For example if dex is listening at the non-root path `https://auth.example.com/dex` the callback would be `https://auth.example.com/dex/callback`. Please note that a user needs to mark their email id as public in GitHub, so that the ID token that gets returned for this user contains an email id field in the ID token claims. | |||
There was a problem hiding this comment.
It's kinda sounds like you're saying that ID tokens are returned by GitHub.
Also might be worth marking this as a known caveat. e.g. https://github.com/coreos/dex/blob/master/Documentation/oidc-connector.md#caveats or https://github.com/coreos/dex/blob/master/Documentation/saml-connector.md#caveats
There was a problem hiding this comment.
Should I just leave at "users should have their email ids as public"?
There was a problem hiding this comment.
Yep will create a new caveat section for it. Maybe also add our GitHub orgs problem there.
There was a problem hiding this comment.
I think detail the fact that GitHub's API won't return an email if the end user's email isn't public. However you want to word that, but the current sentence isn't super clear.
|
Made changes according to the feedback. |
|
Note that you should be able to get non-public emails with user:email scope, but you need to explicitly query |
Documentation/github-connector: warn user that GitHub email id should be public.
Looks like a lot of users are trying the GitHub connector with private email ids.