Releasing GitHub organization data#
This applies only to Science Platform environments that use GitHub for authentication, not to ones that use CILogon or a local identity provider.
When the user is sent to GitHub to perform an OAuth 2.0 authentication, they are told what information about their account the application is requesting, and are prompted for which organizational information to release. Since we’re using GitHub for group information, all organizations that should contribute to group information (via team membership) must have their data released. GitHub supports two ways of doing this: make the organization membership public, or grant the OAuth App access to that organization’s data explicitly.
GitHub allows the user to do the latter in the authorization screen during OAuth 2.0 authentication.
This UI is not very obvious for users, and for security reasons we may not wish users who are not organization administrators to be able to release organization information to any OAuth App that asks. Therefore, either organization membership should be set to public for all organizations used to control access to Science Platform deployments protected by GitHub, or someone authorized to approve OAuth Apps for each organization that will be used for group information should authenticate to the Science Platform deployment and use the Grant button to grant access to that organization’s data.