API v4 - Unable to Retrieve Email - Resource not accessible by integration #24774
-
Hi, I am trying to retrieve information on pull requests, including the author’s email (and the emails of reviewers and commentors). Unfortunately whenever I include the “Email” field in my query I get the error “Resource not accessible by integration”. Removing the Email field removes this error. Simplified query:
Response:
The Permissions I have given (all read-only):
User Permissions:
I couldn’t find a comprehensive list of the permissions and what access they give, so forgive me if it’s a silly error on my part. I have tried the same query using a personal access token and it works fine. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments
-
Hi @c-brooks , Thanks for being here! And thank you for your patience while we researched your question. To be able to help you better could you answer the following: What kind of request is this?: is it server-to-server (using an installation token) or user-to-server (using an OAuth token)? |
Beta Was this translation helpful? Give feedback.
-
Thanks for the reply - sorry, I should have stated in the original post. It’s an installation token for a Github App |
Beta Was this translation helpful? Give feedback.
-
Hi @c-brooks, Thanks again for your patience, here is the feedback based on our Support teams research: The reason that request returns the specific error message is because a user’s email is only accessible via user-to-server request (in other words, an OAuth token and not an installation token). Here’s some more context: when a GitHub App is installed to a repo, it requests repo-specific permissions to the authorizing user. However, a GitHub App can only get user-specific information if the user in question has chosen to be identified by the app as a part of the User Authorization flow described here: At the end of the authorization flow, that OAuth token can be used to make a request to the GraphQL API to obtain the Thank you for your feedback on the documentation. It’s a great point all user-to-server requests are documented, but there isn’t a specific section in GitHub Developer that would tell integrators which GraphQL fields are accessible by scope. We’ve taken your feedback and passed it along to the appropriate teams. Thanks again for reaching out 😀 |
Beta Was this translation helpful? Give feedback.
-
I’m seeing inconsistency in how the access rules are applied. I developed a GitHub App with a temporary organisation. A few colleagues joined the organisation as guinea pigs, one of whom hides his email. The following query has worked consistently, returning
Now I have installed my app into another organisation, and I am consistently getting “Resource not accessible by integration” until I remove the Thanks, Gavin. |
Beta Was this translation helpful? Give feedback.
Hi @c-brooks,
Thanks again for your patience, here is the feedback based on our Support teams research:
The reason that request returns the specific error message is because a user’s email is only accessible via user-to-server request (in other words, an OAuth token and not an installation token).
Here’s some more context: when a GitHub App is installed to a repo, it requests repo-specific permissions to the authorizing user. However, a GitHub App can only get user-specific information if the user in question has chosen to be identified by the app as a part of the User Authorization flow described here:
https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-use…