26 Jan 2013
In the last months I was repeatedly getting reports of issues with signing in to the Toolbox via Github. Although I already had fixed some problems back in November that update had not resolved all of the issues, so I recently chose to have another shot at it and rewrote the whole process from scratch. Some users were also reporting that after signing in, they were getting errors. This was in fact a bug in the account screen you get to see after signing in successfully. ironically, because of this you had no way to figure out you had signed in correctly.
All of these things should now finally work as you'd expect them to.
In order to get your e-mail addresses more reliably, along with the changes back in November I added the user scope to be requested for your Github account during sign in so I could get rid of the separate handling and verification of e-mail addresses (for notifications and such) in the toolbox itself. This had the major gotcha that Github back then only had one OAuth scope for accessing your profile, and that meant both read + write access for your whole user profile. Bad. (I have been seen criticizing other services for asking for too many permissions myself...)
Thanks to the OAuth read-only user:email scope Github added this month I could finally do away with this. During sign in, the Toolbox now only reads your public profile + your default verified github email address. Of course, there has to be a minor gotcha: When authorizing for the first time, Github currently does not list the email-address permission on their auth screen. You will be informed about what data the Toolbox fetches on sign in before being kicked to Github though.