Skip to content

Request read:org scope so starkast membership is visible#1010

Merged
jage merged 2 commits into
mainfrom
oauth-read-org-scope
Jun 27, 2026
Merged

Request read:org scope so starkast membership is visible#1010
jage merged 2 commits into
mainfrom
oauth-read-org-scope

Conversation

@jage

@jage jage commented Jun 27, 2026

Copy link
Copy Markdown
Member

No description provided.

jage added 2 commits June 27, 2026 09:05
@jage
Refactor authorize query parameters for readability
e0ed526 
Assemble the GitHub OAuth authorize query from a list of key=value
pairs instead of one long interpolated string. Behaviour is unchanged;
redirect_uri stays un-re-encoded since request.referrer is already
percent-encoded.
@jage
Request read:org scope so starkast membership is visible
55c6f15 
starkast? checks org membership via GET /orgs/starkast/members/:login.
That endpoint only returns 204 when the OAuth token can read org
membership; with the previous user:email-only scope GitHub answered 302
and every user read as non-starkast, so private pages and the conceal
toggle were unusable in production. Adding read:org makes the check
return 204 for members, public or private.

Existing users get a one-time GitHub re-authorization prompt on next
login because the requested scope changed.
@jage jage merged commit 2efad22 into main Jun 27, 2026
9 checks passed
@jage jage deleted the oauth-read-org-scope branch June 27, 2026 07:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jage