New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authorize multiple Github organizations: #1349
Comments
It should be possible, unfortunately finding a working configuration may require some trial and error: #687 (comment) Try setting either or both of
Existing OAuth tokens will not be changed, but you can Also check the |
Possibly related, just connecting these in case. |
Shall we close this? I think this authenticator can do whatever is allowed by the available GitHub scopes. If GitHub doesn't have a scope that supports the desired combination of permissions I don't think there's anything we can do about it. (Strictly speaking we could do something- have multiple sets of OAuth client credentials and get the user to choose the org they want to authenticate with. I think this is outside the scope of this project.) |
I want to know if it is possible to authorize multiple github organizations without requiring that users set their membership status from "private" to "public" ?
I discovered that because the Github OAuth app identity can only be associated with a single GitHub organization, if you use this OAuth app in your JHub application (like below) and whitelist a different organization to the app, a user who is a member of this other organization (and not the organization that owns the OAuth app) will not be able to get authorized to JHub unless he sets his membership status of the GitHub organization from Private (the default) to Public. I assume this is because the OAuth app implicitly has the permission to read it's own organization and can see that the user is member (even if their membership is private), but it cannot read another organization's private membership status'.
Is it possible to add a permission scope to config.yaml such that the app requests to read the users organization memberships (but no other user data).
This makes for a undesirable user experience because we have to instruct users to join the github organization and then go to the organization and change their membership status from Private to Public. (And we can't use one single Github organization because we need to separate our users into multiple groups)
The authorization portion of my config.yaml:
The text was updated successfully, but these errors were encountered: