Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add repo scope for github oAuth authorization #8092

Merged
merged 1 commit into from
Nov 18, 2021
Merged

Add repo scope for github oAuth authorization #8092

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions airbyte-oauth/src/main/java/io/airbyte/oauth/flows/GithubOAuthFlow.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,13 @@ public class GithubOAuthFlow extends BaseOAuth2Flow {

private static final String AUTHORIZE_URL = "https://github.com/login/oauth/authorize";
private static final String ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
// Setting "repo" scope would allow grant not only read but also write
// access to our application. Unfortunatelly we cannot follow least
// privelege principle here cause github has no option of granular access
// tune up.
// This is necessary to pull data from private repositories.
// https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes
private static final String SCOPES = "repo";

public GithubOAuthFlow(final ConfigRepository configRepository, final HttpClient httpClient) {
super(configRepository, httpClient);
Expand All @@ -41,11 +48,10 @@ protected String formatConsentUrl(final UUID definitionId,
final JsonNode inputOAuthConfiguration)
throws IOException {
try {
// No scope means read-only access to public information
// https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes
return new URIBuilder(AUTHORIZE_URL)
.addParameter("client_id", clientId)
.addParameter("redirect_uri", redirectUrl)
.addParameter("scope", SCOPES)
.addParameter("state", getState())
.build().toString();
} catch (final URISyntaxException e) {
Expand Down
2 changes: 1 addition & 1 deletion airbyte-oauth/src/test/java/io/airbyte/oauth/flows/GithubOAuthFlowTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ protected BaseOAuthFlow getOAuthFlow() {

@Override
protected String getExpectedConsentUrl() {
return "https://github.com/login/oauth/authorize?client_id=test_client_id&redirect_uri=https%3A%2F%2Fairbyte.io&state=state";
return "https://github.com/login/oauth/authorize?client_id=test_client_id&redirect_uri=https%3A%2F%2Fairbyte.io&scope=repo&state=state";
}

@Override
Expand Down