octokit.net

Organization.GetAllForCurrent returning nothing with OAuth token

Open Hosch250 opened this issue 3 years ago • 3 comments

I created an OAuth app on GitHub, wired it into my app signin process, and everything works so far.

o.ClientId = Configuration["ClientId"];
o.ClientSecret = Configuration["ClientSecret"];
o.CallbackPath = "/signin-github";
o.Scope.Add("read:user");
o.Scope.Add("read:org");

o.Events.OnCreatingTicket += async context =>
    {
        if (context.AccessToken is not null)
        {
            context.Identity?.AddClaim(new Claim("access_token", context.AccessToken));
        }
    };

Now I'm trying to see what orgs a user is in:

var github = new Octokit.GitHubClient(
    new Octokit.ProductHeaderValue("AspNetCoreGitHubAuth"),
    new Octokit.Internal.InMemoryCredentialStore(new Octokit.Credentials(context.AccessToken)));

var orgs = await github.Organization.GetAllForCurrent();

This call doesn't return any data when using the OAuth token returned, but if I hard-code a PAT and run it, I get all my orgs back. How can we get the orgs for the signed-in user when using just the OAuth token? It's not a huge deal because we can provide the user's name to get details with the GetAllForUser(context.Identity.Name), but the discrepancy is confusing.

Hosch250, Feb 20 '22 03:02

> This call doesn't return any data when using the OAuth token returned, but if I hard-code a PAT and run it, I get all my orgs back.

This suggests the scopes defined for the OAuth token are different to the PAT - have you defined read:org for the OAuth token?

You can confirm what scopes a token has granted, and what was used for a specific endpoint, using curl:

$ curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/users/orgs -I
HTTP/2 200
X-OAuth-Scopes: repo, user
X-Accepted-OAuth-Scopes: user

There are some notes about OAuth permissions for this endpoint in the docs but I don't think you're seeing a 403 so perhaps it's not that...

shiftkey, Feb 22 '22 16:02
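The header check suggested in the comment above, turned into a small scope audit. This is an added example, not code from the thread or from Octokit. The sample headers are constructed, the scope hierarchy is a subset of GitHub's documented one, and treating X-Accepted-OAuth-Scopes as "any one listed scope is enough" is an assumption.

```python
# GitHub scope hierarchy (subset): a parent scope implies its children.
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "user": {"read:user", "user:email", "user:follow"},
}

# Constructed sample, shaped like the `curl -I` output quoted in the thread.
SAMPLE_MISSING = """HTTP/2 200
X-OAuth-Scopes: read:user
X-Accepted-OAuth-Scopes: read:org, user
"""
SAMPLE_OK = SAMPLE_MISSING.replace("Scopes: read:user", "Scopes: read:org, read:user")


def parse_scopes(raw_headers, header_name):
    """Return the scope set carried by one header (names are case-insensitive)."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip().lower() == header_name.lower():
            return {s.strip() for s in value.split(",") if s.strip()}
    return set()


def expand_scopes(granted):
    """Add every scope implied by the granted ones (transitive closure)."""
    result, stack = set(granted), list(granted)
    while stack:
        for child in IMPLIES.get(stack.pop(), ()):
            if child not in result:
                result.add(child)
                stack.append(child)
    return result


def diagnose(raw_headers, wanted):
    """Compare what the token holds with what the endpoint and the app expect."""
    granted = expand_scopes(parse_scopes(raw_headers, "X-OAuth-Scopes"))
    accepted = parse_scopes(raw_headers, "X-Accepted-OAuth-Scopes")
    return {
        "granted": granted,
        # Assumption: an empty accepted list means no scope is checked;
        # otherwise any one accepted scope is enough.
        "endpoint_satisfied": not accepted or bool(granted & accepted),
        "missing_requested": set(wanted) - granted,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_MISSING, SAMPLE_OK):
        print(diagnose(sample, {"read:user", "read:org"}))
```

Running the same comparison on the token the sign-in flow actually stored shows whether the scopes requested in the app configuration were really granted, without over-requesting broader scopes to work around an empty result.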

@shiftkey I can definitely confirm that scope has been added; I didn't know it was required at first and when I made the call it prompted me to add it, after which I was able to pull the public orgs with the GetAllForUser(context.Identity.Name) call.

Hosch250, Feb 22 '22 23:02

@Hosch250 please could you confirm if this is still an issue for you?

JonruAlveus, Aug 16 '22 04:08

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

github-actions[bot], Jul 25 '23 02:07