Troubleshooting guide for Github authentication flow

[alanna]

We get a lot of support requests related to the Github authentication flow, and I struggle because I don't know how to help people troubleshoot.

Would it be possible for @znarf or @xdamman or someone who understands how it works to give me the info here so we can write up a guide for the docs?

Here are the common issues people report:

• Repository missing from the list
• Showing personal repo's but they need an organisation's repo
• Repo not showing because it has less than 100 stars but they are confused about why it's missing
• Don't want to or can't grant unnecessary permissions

The organisation I want to connect it to is fully open, however other orgs I'm a member of do not want to allow the required permissions, and indeed shouldn't have to because they are unrelated to the organization in question. I can't seem to only allow the permissions for the relevant org. Read and write has to be granted to all repos in all orgs that allow third party applications.

Currently whenever someone can't use the Github flow I just ask them to create the Collective and manually apply to OSC. But this is not great because it's sometimes difficult for me to verify they are a legit core contributor this way. It's possible someone could start a Collective for a repo they don't have rights to. So it's better if we can get the Github flow working for them.

[piamancini]

Repository missing from the list

If you can't find your repo on the list check this:

• does the repo you are looking for has +100 stars?

• are you the owner of the repo with the profile you authenticated with? If the repo is under a different profile or an organization profile you won't see it here. You'll need to revoke access from your Github settings and re-authenticate with the right profile. If it's under and organization, make sure you give us access to your organizations (scroll down to see the check mark for it).

If you can't give us access to the organization who owns the repo, you won't see it in the list. Please contact support if this is the case.

also useful for:

Showing personal repo's but they need an organisation's repo

Don't want to or can't grant unnecessary permissions

We agree, the permissions are overly generous, we just need to read info. Unfortunately, there's not much we can do now since this is the only scope we can use to read the info we need. We've discusses this at length here: #355

If you have any suggestions on how to handle this better, feel free to send post on that issue, start a new one or send us an email support@opencollective.com

[Betree]

If you need to test the flow, the best way is to go to https://staging.opencollective.com/opensource/apply where you'll be able to add any repositories safely.

The only blocker that you may encounter is that you need to have access to a repository with 100+ stars (the usual limitation) to be able to add it. If that's a problem, we can easily disable this requirement for staging.

[contraexemplo]

@Betree Asking before I break anything: the only repositories with 100+ stars I have access to are from Open Collective's organization. Would that be a problem to test the flow? Or would you rather disable that requirement?

[Betree]

@contraexemplo Feel free to test with Open Collective repos, as long as it's on staging that's fine. One problem you may face is that other team members may already have done the same on staging, thus you may get an error like "this collective already exist".

If you face this issue, just tell me and I'll prioritize the ability to disable the 100 stars requirement on staging.

[contraexemplo]

@Betree I can't go much further after picking a repository because I'm not an admin on eligible repositories or organizations. Will disabling that 100 stars requirement allow me to continue with any other repository I may have on my account?

[Betree]

@contraexemplo Yes. I'm going to put that on my TODO to unblock you