Access token problems with a private repository in organization #24378
For the organization, we have an in-house desktop application that sometimes has to download the contents of a GitHub repository. Each user has generated a user token and given it to the application, which stores the token. But when the application tries to download a private repository from the organization, they are all met with a 404. This indicates, per the GitHub FAQ, that they don’t have access, as GitHub doesn’t tell if the repo exists or not. But it does work for my access token? So I was wondering how to get it to work for everyone.
Replies: 1 comment
Hey @DaanV2 o/
How are you going? Curious to know if this is still a concern, as I imagine it might be.
Since you’ve developed an app, I’m curious to know the rationale around using PATs fed to the app, as opposed to providing auth for the app, like:
docs.github.com
Authenticating with GitHub Apps - GitHub Docs
Considering Personal Access Tokens are tied to specific users, there is some concerning consideration to make with how those PATs are handled by your app. Are they being stored in a database and are they encrypted?
Regarding your 404, your understanding is correct. As long as the auth isn’t bumping up against any other issues (like syntax) we would assume that a PAT returning a 404, does not have permissions to make that particular action. So for your specific ask:
I’d be curious to know the justification on pulling PATs instead of having a unique auth token for the app itself. There may be a use case I’m not considering!