Can't get org SamlIdentityProvider data


#1

When I use a non-organization-admin’s Personal Access Token to execute the following query, then it returns:
{“data”: {“organization”: {“samlIdentityProvider”: null}}}
But when I use an organization-admin’s Personal Access Token to execute the query, then I get correct results back.
This seems to be an issue, because no matter what sort of permissions I add to the non-admin’s PAT, it won’t work. I’ve even tried giving it full admin access of everything, as a frustrated catch-all, and is still doesn’t work.
Any thoughts?

  organization(login: "myOrg") {
    samlIdentityProvider {
      ssoUrl
      externalIdentities(first: 100) {
        edges {
          node {
            guid
            samlIdentity {
              nameId
            }
            user {
              login
            }
          }
        }
      }
    }
  }
}```

#2

:wave: @artkinghur ,

Sorry for the slow response on this!

Is this still a problem?
If so I can take a look at it and see if I can help in any way!


#3

Hey @SirCN,
Yes, it is still a problem.
It seems that a non-organization-admin is not allowed to view that data in GraphQL.
Why would that restriction be in place in GraphQL, since they are capable of going to https://github.com/orgs/<my_organization>/people//sso and seeing the info there?

It would be super helpful to be able to query that info programmatically!


#4

:wave: I think this is working as expected. :thinking:

The link you have, https://github.com/orgs/<my_organization>/people/sso I think you can only access this if you’re an owner of the Org, otherwise you get a 404. (this is at least what I saw in some quick testing)

Looking at the permissions required to access this information through the API seems to be in line with that.