No read-only scope for viewing pull requests, repos?


#1

I’m trying to query for a list of pull requests and related repos and orgs. I’m running into an issue with permissions, as I do not want to request or grant my application any write access, but the ‘repo’ token (which is read and write for all accessible repos) is required to even query any of this information.

It seems like there’s no read-only way to access this information from GraphQL (the REST API, however, let me search for open pull requests and read their titles, descriptions, and comments). I should add I’m testing against Enterprise 2.10, but the current documentation still suggests there is no way to get more read access.

Sample query:

    { 
      viewer {
        pullRequests(first: 20) {
          edges {
            node {
              title
            }
          }
        }
      }
    }

Result:

    {
      "data": null,
      "errors": [
        {
          "message": "Your token has not been granted the required scopes to execute this query. The 'title' field requires one of the following scopes: ['repo'], but your token has only been granted the: ['notifications', 'read:gpg_key', 'read:org', 'read:public_key', 'read:repo_hook', 'user'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.",
          "locations": [
            {
              "line": 7,
              "column": 11
            }
          ]
        }
      ]
    }
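
An added example (not part of the original post, and not GitHub's code): a small Python audit helper that parses a scope error of the form shown above and reports which scopes the field requires, which the token holds, and whether any read-only scope would satisfy it. The function names and the rule that only `read:`-prefixed scopes count as read-only are assumptions made for this illustration.

```python
import json
import re

# Response body reproduced from the post above, embedded so the example runs offline.
SAMPLE_RESPONSE = json.dumps({"data": None, "errors": [{
    "message": (
        "Your token has not been granted the required scopes to execute this query. "
        "The 'title' field requires one of the following scopes: ['repo'], but your token "
        "has only been granted the: ['notifications', 'read:gpg_key', 'read:org', "
        "'read:public_key', 'read:repo_hook', 'user'] scopes. Please modify your token's "
        "scopes at: https://github.com/settings/tokens."),
    "locations": [{"line": 7, "column": 11}],
}]})

# Matches the scope-error wording shown in the post; other error messages are skipped.
SCOPE_ERROR = re.compile(
    r"The '(?P<field>[^']+)' field requires one of the following scopes: "
    r"\[(?P<required>[^\]]*)\], but your token has only been granted the: "
    r"\[(?P<granted>[^\]]*)\] scopes")

def parse_scope_list(raw):
    """Turn "'a', 'b'" into ['a', 'b']."""
    return re.findall(r"'([^']+)'", raw)

def is_read_only(scope):
    # Assumption for this example: only "read:"-prefixed scopes are treated as read-only.
    return scope.startswith("read:")

def audit_scope_errors(response_text):
    """Return one finding per scope error in a GraphQL response body."""
    findings = []
    for err in json.loads(response_text).get("errors") or []:
        m = SCOPE_ERROR.search(err.get("message", ""))
        if not m:
            continue
        required = parse_scope_list(m["required"])
        granted = parse_scope_list(m["granted"])
        findings.append({
            "field": m["field"],
            "required": required,
            "granted": granted,
            "satisfied": any(s in granted for s in required),
            # Empty list: the field can only be unlocked by a non-read-only scope.
            "read_only_options": [s for s in required if is_read_only(s)],
            "granted_not_read_only": [s for s in granted if not is_read_only(s)],
        })
    return findings

if __name__ == "__main__":
    for finding in audit_scope_errors(SAMPLE_RESPONSE):
        print(json.dumps(finding, indent=2))
```
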

#2

This may be the same as “Scopes required to query public repos?”
I’ve also heard that this isn’t a problem currently on GitHub.com. So perhaps this is a matter of waiting for Enterprise to be updated with better handling of scopes.


#3

Hi @alecxvs,

So you’re running into the limitation that users hit in the REST API as well, where our token scopes are really, really broad.

Right now, with a personal access token or a token given from an OAuth app, there isn’t a way to give read-only permissions to a particular kind of resource. We can only ask for either all public repos or all repos.

When GitHub Apps comes to Enterprise you will be able to specify permissions like you talked about above.

I know this isn’t a great answer but hopefully that helps at least a little bit.


#4

Sounds like I’m waiting for the next enterprise release either way. I am curious about apps, and accessing on the org level instead of the user level could be quite interesting.