feat: add GitHub team import to new list page #2006
Conversation
β Deploy Preview for design-insights ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
β Deploy Preview for oss-insights ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Compliance Checks
Thank you for your Pull Request! We have run several checks on this pull request in order to make sure it's suitable for merging into this project. The results are listed in the following section.
Issue Reference
In order to be considered for merging, the pull request description must refer to a specific issue number. This is described in our Contributing Guide.
This check is looking for a phrase similar to: "Fixes #XYZ" or "Resolves #XYZ" where XYZ is the issue number that this PR is meant to address.
| await signIn({ provider: "github", options: { redirectTo: `${host}${currentPath}` } }) | ||
| await signIn({ | ||
| provider: "github", | ||
| options: { redirectTo: `${host}${currentPath}`, scopes: "read:org" }, |
There was a problem hiding this comment.
Note: I had to sign out and sign back in on an incognito browser to get the higher scope auth flow to kick off.
There was a problem hiding this comment.
I wonder if we need to indicate that they may need to log out, or I wonder if there's a way for us to get the higher auth scope to catch?
There was a problem hiding this comment.
It seems the whole auth flow needs to be re-triggered. I got this email once I did:
Hey jpmcb!
Previously, a third-party OAuth application (auth-beta-opensauced) had user:email scope. It was recently granted an additional scope (read:org). Visit ... for more information.
To see this and other security events for your account, visit https://github.com/settings/security-log
If you run into problems, please contact support by visiting https://github.com/contact
Thanks,
The GitHub Team
which makes me think that it'll fail until the higher auth is granted explicitly by the user.
There was a problem hiding this comment.
Yes, that's true about the new auth flow. We could do an API check when they click the first button and redirect them if necessary, but thats adds a bit of friction.
There was a problem hiding this comment.
Org reading was enough friction from getting the Facebook OSPO from using the original open-sauced/open-sauced.
This is partly why installing the GitHub app is the path we should introduce for progressively getting access to more read only data (in the near future).
I believe the onboarding screen has a note about reading public data only. If not, it should.
components/organisms/GitHubTeamImportDialog/github-team-import-dialog.tsx
Outdated
Show resolved
Hide resolved
|
I wonder if we can force a logout of all users also? |
|
I think this would be the right way to go since it's a one click login since most people are logged in to GitHub already. If you change the Supabase JWT secret, that should do it. All existing tokens should become invalid. |
+1 - that would be ideal. Starting a thread with the engineers internally to get this coordinated. |
## [1.74.0-beta.1](v1.73.0...v1.74.0-beta.1) (2023-10-26) ### π Features * add GitHub team import to new list page ([#2006](#2006)) ([3113a74](3113a74))
## [1.74.0](v1.73.0...v1.74.0) (2023-11-06) ### π Features * add account deletion flow ([#1990](#1990)) ([daeb10e](daeb10e)) * add contributor's when editing a list ([#2016](#2016)) ([1a0b4da](1a0b4da)) * add GitHub Org Repositories sync to insight page creation ([#2023](#2023)) ([e5f38ac](e5f38ac)) * add GitHub team import to new list page ([#2006](#2006)) ([3113a74](3113a74)) * add grey background for delete account ([#2030](#2030)) ([ea10161](ea10161)) ### π Bug Fixes * add check to allow team member access for private insight pages ([#2049](#2049)) ([2e48b95](2e48b95)) * change avatar alignment with highlight input ([#2032](#2032)) ([dc409c4](dc409c4)) * change label style of bio to bold ([#2033](#2033)) ([647fca3](647fca3)) * chart tooltip cut in contributors card ([#2029](#2029)) ([7c16863](7c16863)) * code standard errors ([e93bdca](e93bdca)) * don't recommend discordapp & use user's full id ([c5cad45](c5cad45)) * don't recommend discordapp as url & use user's full id ([#2014](#2014)) ([58df997](58df997)) * dropdown flickery on single highlight card ([#2040](#2040)) ([672ce2f](672ce2f)) * eslint issue by using `eslint-disable` ([#1993](#1993)) ([bc285a2](bc285a2)) * made notifications buttons more accessible ([#2034](#2034)) ([50bcf9d](50bcf9d)) * occurence eslint disable ([3d84665](3d84665)) * remove build commands from netlify.toml ([#2018](#2018)) ([138a125](138a125)) * ToggleSwitch component has required label via aria-label or aria-labelledby ([#2035](#2035)) ([0684081](0684081))
Description
What type of PR is this? (check all applicable)
Related Tickets & Documents
Closes https://github.com/open-sauced/engineering/issues/179
Mobile & Desktop Screenshots/Recordings
Added tests?
Added to documentation?
[optional] Are there any post-deployment tasks we need to perform?
[optional] What gif best describes this PR or how it makes you feel?