From 96308411350af2488c1c6fc044fc88488c6ca0d6 Mon Sep 17 00:00:00 2001
From: Baghirov Feyruz
Date: Thu, 9 Jan 2025 17:45:57 +0100
Subject: [PATCH] added documentation that explains the resoning behind fetching primary email for GitHub
---
 docs/web/authentication.md | 4 +++-
 web/server/codechecker_server/api/authentication.py | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/docs/web/authentication.md b/docs/web/authentication.md
index 91c665d735..635891b629 100644
--- a/docs/web/authentication.md
+++ b/docs/web/authentication.md
@@ -425,7 +425,9 @@ CodeChecker also supports OAUTH-based authentication. The `authentication.method
 * Important: 'oauth_callback_url' must always match with link specified in the Providers settings when issuing an access token.
-* Important: As of the time this code was written, GitHub does not support PKCE (Proof Key for Code Exchange). Therefore, users logging in with GitHub cannot use PKCE. If GitHub starts supporting PKCE in the future, the code should automatically start using it.
+* Important: At the time this code was written, GitHub doesn't support PKCE (Proof Key for Code Exchange). Therefore PKCE is not used when users log in using GitHub. If GitHub starts supporting PKCE in the future, the code should automatically start using it ,and in that case, this note can be removed.
+
+* Important: For consistency between GitHub and other providers, we need to fetch primary email from another endpoint because GitHub dosn't provide the primary email in the `user_info`, so we make an API request to fetch the primary email of the GitHub and use it instead of the username provided by the `user_info`.
 # Client-side configuration
diff --git a/web/server/codechecker_server/api/authentication.py b/web/server/codechecker_server/api/authentication.py
index 6dba2052fd..a8f195a564 100644
--- a/web/server/codechecker_server/api/authentication.py
+++ b/web/server/codechecker_server/api/authentication.py
@@ -378,6 +378,9 @@ def performLogin(self, auth_method, auth_string):
 codechecker_api_shared.ttypes.ErrorCode.AUTH_DENIED, "User info fetch failed.")
+ # if the provider is github it fetches primary email
+ # from another api endpoint to maintain username as email
+ # consistency between GitHub and other providers
 if provider == "github" and \
 "localhost" not in user_info_url:
 try:
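Review bot: The added comment above `if provider == "github" and \` explains the email fetch but says nothing about the second half of the condition, `"localhost" not in user_info_url`, which skips that fetch and leaves the `user_info` username in place. I would add a line such as `# skipped when user_info_url contains "localhost" (presumably a local test provider; confirm)`, and note there that the test is a substring match on the whole configured URL, not a comparison of the host. Because the fetched address becomes the login identity, the comment should also state whether only a primary email that GitHub reports as verified is accepted. The `try:` body that selects the address lies outside this hunk, so that cannot be checked from here.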