This repository has been archived by the owner on Jan 24, 2019. It is now read-only.
Interop for github provider and EmailDomains #295
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
To answer the ~obvious question of why use github if I care about email validation, I am using this cherry-picked on top of #277 to front Rundeck and as far as I understand, github is my best source of the roles data Rundeck needs to function |
|
Hi Donald, I like this enhancement, it's immediately useful for the Github provider. 👍 A related case for reference: In a recent implementation we couldn't rely on all users having the same email domain (contractors, for example). So we are passing the user's Github ID as a unique identifier in lieu of the mailbox name - #276 John |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
People (like my coworkers) often use the same github account for both work and other purposes. As such they end up having multiple email addresses set up for the same account
When using the pass-basic-auth, the X-Forwarded-Email and X-Forwarded-User end up passing their primary email and prefix thereof, which due to githubs configurability of notifications, may or may not be their work email. For systems which use the values of these headers to autovivify downstream users, confusion is introduced into the naming schemes, and in especially bad cases you could accidentally end up sending confidential notifications out of band.
While obviously there are more policy-level solutions, this is my proposal at a technical solution.
I suspect there may be a better way to achieve it, but this is a first pass; Let me know what you think. Thanks :D