From 88d8cec3d97681eaf0eb9f39a842c60e0ee0db1a Mon Sep 17 00:00:00 2001
From: Takeshi Sato <doublequotation@gmail.com>
Date: Mon, 25 Jul 2022 00:04:53 +0900
Subject: [PATCH] [#207] use read-only scopes for the GitHub OAuth2 provider

---
 tools/auth/github.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/auth/github.go b/tools/auth/github.go
index d837561a..52bc965d 100644
--- a/tools/auth/github.go
+++ b/tools/auth/github.go
@@ -21,7 +21,7 @@ type Github struct {
 // NewGithubProvider creates new Github provider instance with some defaults.
 func NewGithubProvider() *Github {
 	return &Github{&baseProvider{
-		scopes:     []string{"user"},
+		scopes:     []string{"read:user", "user:email"},
 		authUrl:    "https://github.com/login/oauth/authorize",
 		tokenUrl:   "https://github.com/login/oauth/access_token",
 		userApiUrl: "https://api.github.com/user",