Unable to view installation repos using access key


#1

Hi,

I am trying to list repositories that can be accessed by a user for an installation/integration. I have followed the oauth documentation and have obtained a users access key, but when I try and use this access key to view installations, I get a 403:

➟ curl -v -H "Accept: application/vnd.github.machine-man-preview+json" 'https://api.github.com/user/installations/31066/repositories?access_token=XXXX'

Trying 192.30.253.117...
<SNIP>
< HTTP/1.1 403 Forbidden
<SNIP>
< X-OAuth-Scopes: repo, user
< X-Accepted-OAuth-Scopes: read:user, user
< X-OAuth-Client-Id: 04d30c409fecb23dfbc8
<SNIP>
<
{
"message": "You must authenticate with an access token authorized to a GitHub App, a personal access token, or basic auth in order to list repositories for an installation.",
"documentation_url": "https://developer.github.com/v3"
}

However the token works fine when accessing user information:

➟ curl -v -H "Accept: application/vnd.github.machine-man-preview+json" 'https://api.github.com/user?access_token=XXXX'

<SNIP>
< HTTP/1.1 200 OK
< Server: GitHub.com
< Date: Mon, 17 Jul 2017 07:50:56 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 1484
< Status: 200 OK
<SNIP>
{
"login": "yasn77",
"id": 2234002,
 <SNIP>
}

Could please point me in the right direction… Not sure what I am doing wrong :confused:


#2

Hi @yasn77 :wave:

I have followed the oauth documentation and have obtained a users access key

Just to make sure we understand – which documentation exactly did you follow?

Did you follow this:

https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-authorization-options-for-oauth-apps/#web-application-flow

or this:

https://developer.github.com/apps/building-integrations/setting-up-and-registering-github-apps/identifying-users-for-github-apps/#identifying-users-on-your-site

You should have followed the latter, and I’m guessing you followed the former. The latter is for GitHub Apps, the former is for OAuth apps. Those are two different things.