Signin bug smashing

26 Jan 2013

In the last months I was repeatedly getting reports of issues with signing in to the Toolbox via Github. Although I had already fixed some problems back in November, that update had not resolved all of the issues, so I recently chose to have another shot at it and rewrote the whole process from scratch. Some users were also reporting that after signing in, they were getting errors. This was in fact a bug in the account screen you get to see after signing in successfully. Ironically, because of this you had no way to figure out you had signed in correctly.

All of these things should now finally work as you'd expect them to.

In order to get your e-mail addresses more reliably, along with the changes back in November I added the user scope to be requested for your Github account during sign in so I could get rid of the separate handling and verification of e-mail addresses (for notifications and such) in the toolbox itself. This had the major gotcha that Github back then only had one OAuth scope for accessing your profile, and that meant both read + write access for your whole user profile. Bad. (I have been seen criticizing other services for asking for too many permissions myself...)

Thanks to the OAuth read-only user:email scope Github added this month I could finally do away with this. During sign in, the Toolbox now only reads your public profile + your default verified github email address. Of course, there has to be a minor gotcha: When authorizing for the first time, Github currently does not list the email-address permission on their auth screen. You will be informed about what data the Toolbox fetches on sign in before being kicked to Github though.

Cheers, Christoph
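As an added illustration (not code from the Ruby Toolbox or from the original post), this is one way to request only the read-only `user:email` scope, reject a token that comes back with broader access such as the old read + write `user` scope, and pick the default verified address. The helper names and the sample responses are constructed for the example; granted scopes are assumed to come from the `scope` field of the token response or the `X-OAuth-Scopes` header.

```ruby
require "json"
require "set"
require "uri"

# The only scope the sign-in flow should ever hold.
REQUESTED_SCOPES = Set["user:email"].freeze

# Build the authorization URL. `state` is a per-session random value
# the callback must compare before trusting the response.
def authorize_url(client_id, state)
  query = URI.encode_www_form(
    client_id: client_id,
    scope: REQUESTED_SCOPES.to_a.join(" "),
    state: state
  )
  "https://github.com/login/oauth/authorize?#{query}"
end

# Return every granted scope that was not requested. A non-empty result
# means the token is over-privileged and should be discarded.
def excess_scopes(granted)
  granted.to_s.split(/[,\s]+/).reject(&:empty?).to_set - REQUESTED_SCOPES
end

# Pick the address that is both primary and verified from a
# GET /user/emails response body; nil if there is none.
def primary_verified_email(emails_json)
  entry = JSON.parse(emails_json).find { |e| e["primary"] && e["verified"] }
  entry && entry["email"]
end

# Constructed sample response, not real account data.
SAMPLE_EMAILS = <<~JSON
  [
    {"email": "old@example.com", "primary": false, "verified": true},
    {"email": "dev@example.com", "primary": true,  "verified": true},
    {"email": "new@example.com", "primary": false, "verified": false}
  ]
JSON

if __FILE__ == $0
  puts authorize_url("CLIENT_ID_PLACEHOLDER", "random-state-value")
  puts "excess for 'user:email':       #{excess_scopes('user:email').to_a}"
  puts "excess for 'user, user:email': #{excess_scopes('user, user:email').to_a}"
  puts "notify: #{primary_verified_email(SAMPLE_EMAILS)}"
end
```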
