airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Riccomini (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRFLOW-386) limit github enterprise auth user scope
Date Mon, 01 Aug 2016 18:40:20 GMT

    [ https://issues.apache.org/jira/browse/AIRFLOW-386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15402603#comment-15402603
] 

Chris Riccomini commented on AIRFLOW-386:
-----------------------------------------

Makes sense. Want to send a PR?

> limit github enterprise auth user scope
> ---------------------------------------
>
>                 Key: AIRFLOW-386
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-386
>             Project: Apache Airflow
>          Issue Type: Bug
>            Reporter: Michael Lyons
>            Assignee: Michael Lyons
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> The current github enterprise auth code requests read/write access to a user profile
which is probably not required for simple login?
> The change is pretty straight forward:
> {code}
> request_token_params={'scope': 'user,read:org'},
> {code}
> to 
> {code}
> request_token_params={'scope': 'user:email,read:org'},
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message