Ueberauth: github nickname only; callback domain

  1. If I’m only interested in the username (nickname) at github, is there a way to achieve that? Basically I’m not interested in emails, I just need to verify that I’m dealing with a few administrators via github auth.

This is my current config:

```elixir
config :ueberauth, Ueberauth,
  providers: [
    github:
      {Ueberauth.Strategy.Github,
       [
         default_scope: "user:email",
         callback_path: "/auth/github/callback"
       ]}
  ]
```

  2. I also wonder if this callback_path could be somehow made relative to the current domain?

I’m not sure what you’re asking regarding your first point. I’d advise to do some trial and error, and see what the minimal scope is you can get away with, no?

Regarding your second point: I’m not sure how you could do this with Ueberauth, because of the way it needs to be configured in one of your config scripts. But I suggest to take a look at Assent instead. IMO it’s much easier to configure Assent. I used to depend on Ueberauth for OAuth integration, but I switched because I found Assent to be easier to configure and understand. The downside is that it requires you to wire up your own controller (but that doesn’t require much glue code anyway). Assent itself has a very simple API, and can be used independently from Pow (I don’t use Pow, but I do use Assent together with the phx.gen.auth code).

I have a simple demo repo online (phx_gen_auth_meetes_assent) that shows how to integrate Assent. See this specific line to see how you’d configure Assent to have the correct callback path, using verified routes:


Thank you for your reply! So it’s unusual to try not to fish for a user’s email and simply verify him by a nickname?

Went ahead to report an issue/feature request. Minimum scope to only request a username (nickname) · Issue #77 · ueberauth/ueberauth_github · GitHub
Seeing this as a vital feature to simply authenticate a github user without email.

Although I do appreciate that you’re going for the minimal data of your logged in users, I’m not sure if that’s really a rabbit hole worth following. An email address is the identifier of your user. So if you don’t need that, then what do you need? A nickname can also be entered in an input field, without the whole OAuth dance. It won’t be unique anyway, and you won’t be guarding against identity-fraud or something, as anyone can choose any nickname they want. Are you sure you want OAuth integration at all?
I’m not even sure the consent dialog of Github will make the distinction when you omit the email address from the requested scope. If the users can’t even see the difference, then… meh :man_shrugging: Just don’t save the email address. It might be unfortunate that email addresses are being used for account identifiers, but that’s a given at this point.

I’ve recently learned from Chris McCord on Slack that the livebeats sample app implements OAuth integration with GitHub from scratch. Look here for more inspiration: live_beats/github.ex at master · fly-apps/live_beats · GitHub (it’s being called from the OAuthCallbackController, which is very similar to how you’d use Ueberauth or Assent). It’s quite concise and elegant (but it does only GitHub, no other IdPs). It also fetches the email address, but you can strip that from the code, so it’s even more concise, if that’s your goal.
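
The from-scratch approach discussed in this thread, reduced to the two questions asked (no email scope, callback derived from the current domain), as an added example that is not part of any post here and is not code from LiveBeats, Ueberauth or Assent. The module name, the allowlist entries, the client id and the base URL are assumptions made for illustration; the admin check keys on GitHub's numeric user id with the login as a secondary check.

```elixir
defmodule GithubAdminAuth do
  # Hypothetical module (added example). Stdlib only; no HTTP calls are made.
  @authorize_url "https://github.com/login/oauth/authorize"

  # Constructed allowlist: GitHub numeric user id => expected login.
  @admins %{1_000_001 => "alice-admin", 1_000_002 => "bob-admin"}

  # Random per-login value; keep it in the session and compare on callback.
  def new_state, do: Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)

  # base_url is taken from the running endpoint (in Phoenix, for a hypothetical
  # app, MyAppWeb.Endpoint.url()), so the callback follows the current domain.
  # No "scope" parameter is sent: the token then covers public profile data only.
  def authorize_url(client_id, base_url, state) do
    query =
      URI.encode_query(%{
        "client_id" => client_id,
        "redirect_uri" => base_url <> "/auth/github/callback",
        "state" => state
      })

    @authorize_url <> "?" <> query
  end

  # Reject the callback unless `state` matches the session value.
  # :crypto.hash_equals/2 needs OTP 25+; Plug.Crypto.secure_compare/2 also works.
  def valid_state?(expected, given) when is_binary(expected) and is_binary(given) do
    byte_size(expected) == byte_size(given) and :crypto.hash_equals(expected, given)
  end

  def valid_state?(_, _), do: false

  # `user` is the decoded JSON body of GET https://api.github.com/user.
  # Match on the numeric id; logins can be renamed and later claimed by others.
  def admin?(%{"id" => id, "login" => login}) when is_integer(id) and is_binary(login) do
    case Map.fetch(@admins, id) do
      {:ok, expected} -> String.downcase(login) == String.downcase(expected)
      :error -> false
    end
  end

  def admin?(_), do: false
end

# Constructed sample data, not real accounts or credentials.
state = GithubAdminAuth.new_state()
IO.puts(GithubAdminAuth.authorize_url("CLIENT_ID_PLACEHOLDER", "https://app.example.test", state))
IO.inspect(GithubAdminAuth.valid_state?(state, state))
IO.inspect(GithubAdminAuth.admin?(%{"id" => 1_000_001, "login" => "Alice-Admin"}))
IO.inspect(GithubAdminAuth.admin?(%{"id" => 42, "login" => "alice-admin"}))
```

The token exchange and the `/user` request are left out so the script runs offline; in a real controller the map passed to `admin?/1` must come from that API response, never from request parameters.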