Unable to get team list from my specific organization


#1

This query is working against some orgs, specifically the ‘ansible’ org, however it does not work against the ‘bonnyci’ org. This is weird.

Here is a working example:

query {
  organization(login: "ansible") {
    description
    teamsUrl
    team(slug: "ansible-container") {
      id
      name
      privacy
    }
    teams {
      totalCount
    }
  }
}

And here is one that doesn’t work (for my login):

query {
  organization(login: "bonnyci") {
    description
    teamsUrl
    team(slug: "sandbox-core") {
      id
      name
      privacy
    }
    teams {
      totalCount
    }
  }
}

When running this against my org, I simply get:

{
  "data": {
    "organization": {
      "description": "A more capable CI system",
      "teamsUrl": "https://github.com/orgs/BonnyCI/teams",
      "team": null,
      "teams": {
        "totalCount": 0
      }
    }
  }
}

Following the team link should show that there are three teams, one of which is sandbox-core.

Weird, right?


#4

Interesting. I switched to testing this from a python application, using one of my personal access tokens. Using that method I’m able to get information about my team. It’s just through the web UI that I am not. Very interesting.


#5

When you say Web UI, what do you mean? https://developer.github.com/v4/explorer/ ?

It may be possible that the account you’re using doesn’t have the right privileges (eg., might not be an admin of the org) or that you don’t have the right token access. Though, I would expect an error response stating that…


#6

Sorry yes, I meant the v4 explorer. I used the same login to the explorer as I was using from my python app. I am indeed an admin of the org.


#7

Ok, here’s what I believe is going on. It looks like ansible has OAuth application policies (OAP) disabled, while bonnyci has it enabled. What that means is that OAuth apps can’t access organization data, without specific approval from an org admin. This is to prevent third-party applications from accessing an organization’s information via the API in case of sensitive info. You, as an administrator, can definitely make API calls as an individual, but since the GraphQL Explorer is an OAuth app, it is being blocked.

To work around this, you can explicitly approve the GraphQL Explorer OAuth app as something that can read your organization’s data.

Hope this helps!


#8

Interesting. That makes sense! I had to go to my personal settings page, to the Applications, and there I found that the BonnyCI org had not been granted org access. I clicked the button there to grant it and now things work as expected. Thanks!