Scopes required to query public repos?


I’m just getting started with the GraphQL API, and I’ve hit a bit of a roadblock.

I’m building a simple app that will let users enter a repository and owner, and get a list of its stargazers. I’m planning on doing some data visualizations with the stargazer info: pins on a map indicating where your supporters are, a list of companies/organizations whose members have starred, etc.

I created an OAuth token with no scopes, and tried the request. I get the following error message:

Your token has not been granted the required scopes to execute this query. The ‘name’ field requires one of the following scopes: [‘repo’], but your token has only been granted the: [’’] scopes.

Given that it’s querying for publicly-available info, why does it need write access for my private repositories? The reason that this is an issue is that I’d like for this to be a client-side-only app, and I obviously can’t embed an OAuth token that has these kinds of permissions.

Really hoping there’s a way I can do it without needing to set up a back-end proxy; because results are limited to 30 per page, I’ll be fetching a lot of pages sequentially, and that kind of pit-stop latency will significantly impact the project.

Thanks for any advice!

No read-only scope for viewing pull requests, repos?

@joshwcomeau Tokens used for the GraphQL API will generally require correct scopes just as regular endpoints in the REST API do, depending on the resources you’re accessing. That being said, we’re still working on how we implement child scopes. That’s why we currently require the repo scope as opposed to the public_repo scope. Rest assured that we definitely plan to make this separation in the future.


Thanks David!