MantisBT - TestLink
View Issue Details
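ID: 0008214 | Project: TestLink | Category: Authentication | View Status: public | Date Submitted: 2018-02-26 21:05 | Last Update: 2019-02-03 22:24
Reporter: fman
Assigned To: fman
Priority: normal | Severity: feature request | Reproducibility: N/A
Status: assigned | Resolution: open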
1.9.16 (2016 Q4) 
 
N/A
TBD
0008214: GitHub OAuth 2.0
GitHub OAuth 2.0
No tags attached.
related to 0008093 | assigned | fman | Google OAuth 2.0
Issue History
2018-02-26 21:05 | fman | New Issue
2018-02-26 21:05 | fman | Status: new => assigned
2018-02-26 21:05 | fman | Assigned To: => fman
2018-02-26 21:05 | fman | Issue generated from: 0008093
2018-02-26 21:05 | fman | Relationship added: related to 0008093
2018-02-26 21:07 | fman | Category: Charts => Authentication
2018-02-27 22:12 | fman | Note Added: 0027252
2019-02-03 22:08 | fman | Note Added: 0028501
2019-02-03 22:08 | fman | Note Edited: 0028501
2019-02-03 22:14 | fman | Note Added: 0028502
2019-02-03 22:23 | fman | Note Added: 0028503
2019-02-03 22:24 | fman | Note Edited: 0028502

Notes
(0027252)
fman   
2018-02-27 22:12   
First version, based on user contribution, is ready to test.

Changes to TestLink classes to allow searching for a user by email.
Email is sent back by GitHub.

NEXT VERSION
Add a new user attribute, oauthid, that can contain the attribute to search for an existing user.
This way I can have my work email on email attribute and my gmail mail on oauthid.
(0028501)
fman   
2019-02-03 22:08   
From
https://developer.github.com/apps/about-apps/#about-oauth-apps
 
About OAuth Apps
OAuth2 is a protocol that lets external applications request authorization to private details in a user's 
GitHub account without accessing their password. This is preferred over Basic Authentication because 
tokens can be limited to specific types of data and can be revoked by users at any time.

An OAuth App uses GitHub as an identity provider to authenticate as the user who grants access to the 
app. This means when a user grants an OAuth App access, they grant permissions to all repositories they 
have access to in their account, and also to any organizations they belong to that haven't blocked third-party 
access.

Building an OAuth App is a good option if you are creating more complex processes than a simple script 
can handle. Note that OAuth Apps are applications that need to be hosted somewhere.

Keep these ideas in mind when creating OAuth Apps:

- An OAuth App should always act as the authenticated GitHub user across all of GitHub (for example, when providing user notifications).
- An OAuth App can be used as an identity provider by enabling a "Login with GitHub" for the authenticated user.
- Don't build an OAuth App if you want your application to act on a single repository. With the repo OAuth scope, OAuth apps can act on all of the authenticated user's repositories.
- Don't build an OAuth App to act as an application for your team or company. OAuth Apps authenticate as a single user, so if one person creates an OAuth App for a company to use, and then they leave the company, no one else will have access to it.

For more on OAuth Apps, see "Creating an OAuth App" and "Registering your app."


(0028502)
fman   
2019-02-03 22:14   
(edited on: 2019-02-03 22:24)
Available for tests on GitHub

Client ID
39eaa098ffffcda54b63

Client Secret
d5dbe0344ca9b5f0857769d87ba14cf99bdc2b1c

Callback URL - Mandatory
http://testlink.eu.ngrok.io/app/login.php?oauth=github

(0028503)
fman   
2019-02-03 22:23   
Redirect URLs

The redirect_uri parameter is optional. If left out, GitHub will redirect users to the callback URL configured 
in the OAuth Application settings. 

If provided, the redirect URL's host and port must exactly match the callback URL. 
The redirect URL's path must reference a subdirectory of the callback URL.
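
The matching rule quoted in the last note, written as a pre-check an integrator could run on a redirect_uri before using it (an added example, not TestLink or GitHub code). The function names, the scheme comparison, the default-port handling and the refusal of userinfo, backslashes and encoded dot or slash sequences are assumptions of this example and are stricter than the quoted text; GitHub's own matching may differ.

```python
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Callback URL registered in note 0028502 on this page.
CALLBACK = "http://testlink.eu.ngrok.io/app/login.php?oauth=github"

def _origin(parts):
    """(scheme, host, port), with the scheme's default port filled in."""
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def redirect_allowed(redirect_uri, callback_url=CALLBACK):
    """Return True if redirect_uri fits the quoted rule for callback_url."""
    try:
        r, c = urlsplit(redirect_uri), urlsplit(callback_url)
        r_origin, c_origin = _origin(r), _origin(c)  # .port may raise
    except ValueError:
        return False
    # Assumption: refuse userinfo and backslashes, which make the visible
    # host differ from the host a parser actually extracts.
    if r.username or r.password or "\\" in redirect_uri:
        return False
    # Host and port must match exactly (scheme compared too: assumption).
    if not r_origin[1] or r_origin != c_origin:
        return False
    # Assumption: refuse encoded dots/slashes, then resolve dot segments so
    # "/app/login.php/../../x" is not treated as a subdirectory.
    lowered = r.path.lower()
    if "%2e" in lowered or "%2f" in lowered:
        return False
    base = posixpath.normpath(c.path or "/")
    path = posixpath.normpath(r.path or "/")
    # Subdirectory means the callback path itself or anything below it;
    # "/app/login.phpx" shares a prefix but is a different path.
    return path == base or path.startswith(base.rstrip("/") + "/")
```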