read:org scope is not requested making tokens unusable for GitHub CLI

[josephcrivello]

Version

2.6.1+786ab03440ddc82e807a97c0e540f5247e44cec6

Operating system

Windows

OS version or distribution

macOS Sequoia

Git hosting provider(s)

GitHub

Other hosting provider

No response

(Azure DevOps only) What format is your remote URL?

None

Can you access the remote repository directly in the browser?

Yes, I can access the repository

Expected behavior

I have Git credential manager set up and it is working. I am able to pull repositories in my organization, etc.

I expected GitHub CLI to immediately start working by using GCM's stored credentials, since after all both tools are from the same organization. But apparently this doesn't work for... reasons?

As a backup, I'd expect to be able to use a token from GCM to log in manually to GitHub CLI. But apparently this doesn't work either because it doesn't request the right scopes.

Actual behavior

Then I figured I'd try to be clever and manually feed a token from GCM to GitHub CLI like this:

printf "protocol=https\nhost=github.com\n\n" | git -c credential.interactive=never credential fill | grep "^password=" | cut -d= -f2 | gh auth login --with-token

But I get the error error validating token: missing required scope 'read:org'.

I took a look at the scopes requested by GCM, and indeed it does not seem to request read:org.

Why not? Can I configure it to? Why does Microsoft make it so hard to use GCM with GitHub CLI?

I'm sure your retort will be "just log in to GCM and GitHub CLI"... but the whole reason I am using GCM is so I can forward tokens to a locally hosted Docker container using sam-mfb/git-credential-forwarder. This works great for git but I can't get it to work for gh to save my life. Super frustrating.

Logs

No response