Bug: Incorrect data returned for viewerXXX when running as GH App

I noticed a bug in the GraphQL API. This is in the context of developing a GH App that runs with admin permissions in order to monitor and enforce security settings.

Here is an example of the bug. The following GraphQL query returns correct data when run using a personal access token.

GraphQL query:
query viewerPermissionInfo {
repositoryOwner(login: “jonandersenverkada”) {
repositories(first: 100) {
nodes {

So when run with a personal access token, it correctly returns viewerPermission: ADMIN and viewerCanAdminister: True. However, when run as a GH App that has admin permission, it returns viewerPermission: None and viewerCanAdminister: false.

This does not appear to be a security bug, because while the data returned reports that the viewer does not have permission, the app does in fact have admin permission, and can successfully run mutations that change settings.

The context here is that I was trying to use viewerPermission and/or viewerCanAdminister to detect whether the app has the necessary permissions on the repo at runtime.

Happy to share more info on a closed forum if needed, if you have any trouble reproducing this issue.