Retrieving repositories a user has access to thru my integration


#1

I’m following along with https://developer.github.com/early-access/integrations/identifying-users/ however when I get to step 4 and exchange my nonce for the identity of the user the resulting user objects repositories_url is null which makes the “fetch a list of repositories that the integration is installed on and visible to the given user” impossible to do.
Am I missing a permission? Is there another endpoint I can hit to find out which repositories I can safely show the user that landed on my integration admin page?


All repositories a user has access to, that have integration installed
#2

GitHub support got back to me on this and the thing I was missing was integration_id in the initial call out to get the user object.


#3

Turns out this didn’t solve my problem. I now get the repositories_url back in the payload however when I try to use my installation token to call out to it I always get a status 401 with {'documentation_url': 'https://developer.github.com/v3', 'message': 'Invalid credentials'} back.

I know my installation token is correct because I can use it for other interactions and just to be sure it was the installation token I needed to use I tried with the Bearer integration jwt too, I get back a 404 in that case.


#4

I think I’ve worked out why this was failing. The payload I get back when exchanging the nonce for user details looks like so:

{
  "installations_url": "https://api.github.com/integration/installations?user_id=1234",
  "repositories_url": "https://api.github.com/installations/repositories?user_id=1234",
  "user": {
    ...
  }
}

but https://developer.github.com/v3/integrations/installations/#list-repositories suggests installation is singular in the endpoint for repositories.
installations in the payload back from the nonce exchange is plural but installation in the documentation is singular and only the singular form gets me back my repositories.
Is this a bug in the url returned from the nonce exchange?


#5

This took me ages to work out. I kept getting invalid credentials for ages too. It is because the url needs to be installation as opposed to ‘installations’.

Have I missed something critical though? Why does the integration need a user id in the params? After all, isn’t the whole point that the integration becomes its own user? Should it not come back with all the repo’s the integration itself has access to?

Thanks so much.

Tat


#6

It’s a way of asking github the union of two questions. Tell me all the repositories that this installation AND this user have access to. We’re using it to make sure that when a user requests to see integration logs for a certain repo they do indeed have access to said repo themselves.


#7

Brilliant - this makes sense now. I had not understood the use case. Thanks so much.


#8