fix: use authenticated user endpoint for fetching organizations (#398)
Changed GitHub API endpoint from /users/{username}/orgs to /user/orgs to retrieve all organizations for the authenticated user.
Problem
The /users/{username}/orgs endpoint only returns organizations where the user's membership is public, causing 403 errors for users with private organization membership when trying to publish.
Solution
Using /user/orgs returns all organizations (public and private) for the authenticated user, allowing them to publish to any organization they belong to.
Impact
- Users can publish to all their organizations without changing visibility
- Maintains existing security model (same auth token required)
- Resolves 403 permission errors reported in issue #398
- Added test to ensure correct endpoint usage
This PR fixes the organization publishing permissions issue by using the correct GitHub API endpoint that returns all organizations, not just public ones.
Motivation and Context
Multiple users reported being unable to publish servers to their organizations despite being members. This was causing frustration and blocking legitimate use cases where organization membership is kept private for security or privacy reasons. See issue #398 for the original bug report.
How Has This Been Tested?
- Added unit test TestGitHubHandler_UsesUserOrgsEndpoint that verifies:
  - The /user/orgs endpoint is called (not /users/{username}/orgs)
  - Private organizations are included in the response
  - Permissions are correctly generated for all organizations
- All existing auth tests continue to pass
- Manually verified the endpoint change follows GitHub API documentation
Breaking Changes
None. This is a backwards-compatible fix that expands access to include private organizations.
Types of changes
- [x] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [x] Breaking change (fix or feature that would cause existing functionality to change)
- [x] Documentation update
Checklist
- [x] I have read the MCP Documentation
- [x] My code follows the repository's style guidelines
- [x] New and existing tests pass locally
- [x] I have added appropriate error handling
- [x] I have added or updated documentation as needed
Additional context
The GitHub API documentation confirms that /user/orgs is the correct endpoint for retrieving all organizations of the authenticated user. This change aligns with GitHub's recommended practices for OAuth applications.
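The endpoint difference described above, as an added Go example that is not code from this PR or the project: a constructed stub server stands in for GitHub so the two paths can be compared offline. The names `newStubGitHub` and `listOrgs`, the user `alice`, the organization names and the token are all hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const sampleToken = "test-token" // constructed placeholder, not a real credential
type org struct{ Login string }  // matches the "login" field of each org object

// newStubGitHub is a constructed stand-in for the two GitHub endpoints.
func newStubGitHub() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch {
		case r.URL.Path == "/users/alice/orgs": // public memberships only
			fmt.Fprint(w, `[{"login":"public-org"}]`)
		case r.URL.Path == "/user/orgs" && r.Header.Get("Authorization") == "Bearer "+sampleToken:
			fmt.Fprint(w, `[{"login":"public-org"},{"login":"private-org"}]`) // all memberships
		default:
			http.Error(w, "unauthorized", http.StatusUnauthorized)
		}
	}))
}

// listOrgs returns the organizations served at path, failing on any non-200 status.
func listOrgs(baseURL, path, token string) (orgs []org, err error) {
	req, err := http.NewRequest(http.MethodGet, baseURL+path, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("GET %s: %s", path, resp.Status)
	}
	err = json.NewDecoder(resp.Body).Decode(&orgs)
	return orgs, err
}

func main() {
	srv := newStubGitHub()
	defer srv.Close()
	fmt.Println(listOrgs(srv.URL, "/user/orgs", sampleToken))
}
```

A permission check built on the first path never sees `private-org`, which is the condition the PR reports as a 403 on publish; the second path lists it only when the caller presents the token.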