Error accessing GraphQL search when authenticated as a GitHub App Installation

I’m migrating from an Oauth App to a github App and I’m having issues accessing the search using the GraphQL API (v4)

I’m doing a search request, on Issue types. (filtered down to pull requests).
My app has the following permissions:

Read  access to code

Read access to issues, members, metadata, and pull requests

Using the search endpoint with graphQL worked correctly when I was authenticated using an Oauth App, but when I switch to an authentication as an App Installation, I get the following error:

“GitHub Apps are not allowed access to search”

I don’t understand, is it a global restriction ? If this is the case, why is the search issues and pull requests listed as enabled for github app for the rest API and not GraphQL ? (https://developer.github.com/v3/search/#search-issues-and-pull-requests)

If not, is this an issue with missing authorizations for my app ? I’ve stripped down my graphQL request to a bare minimum, requesting only the pull request number, but I’m still getting the error.

If search is indeed not available for github apps, is this feature on the roadmap ? I understant that github apps are now the preferred way to integrate with github, but not being able to access the search is a blocker for us.

3 Likes

Hi @hhk1,

Thanks for being here! GitHub App permissions are more granular than OAuth Apps/Personal Access tokens, and the GraphQL API currently does not have support the equivalent of the Contents API. If you wish to continue using your GitHub App with the Single File permission, but use the REST API, you can do so using one of the API endpoints accessible with the Single File permission.

I can confirm there is a schema request for this and I’ve taken your feedback and passed it along to the appropriate teams. Thanks again for reaching out :grinning:

Please make the GraphQL search query support user-to-server tokens and installation tokens. I want to search for issues/pull_requests and include the private ones in the result. Currently the search is completely blocked for GitHub Apps, even when searching public things.

2 Likes

Hi @andreagriffiths11 

I don’t see how the Single File permissions as anything to do with the search endpoint. Maybe I missed something but if I understand well, the problem here as said @hhk1 is that the search capability allowed for github apps on the REST API v3 is not allowed for the GraphQL endpoint.

This kind of requests can’t be performed:

query ($filter: String!) {
  search(type: ISSUE, query: $filter, first: 100) {
    issueCount
  }
}

The error being “GitHub Apps are not allowed access to search”

Is there any timeline for this ?

It’s highly important for us as well…

Thanks in advance to the team :slight_smile:

1 Like

Yes @toniopelo , I don’t understand either how the Single File permissions  is related to this issue.

Right now, the only solution I can think of, is to use the github app webhooks and aggregate the data in our own DB so that we can query it in a similar fashion, but that’s a huge amount of work for something that should be doable with graphQL.

@hhk1 wrote:

 

Right now, the only solution I can think of, is to use the github app webhooks and aggregate the data in our own DB so that we can query it in a similar fashion, but that’s a huge amount of work for something that should be doable with graphQL.

Woah, that’s such a pain to rely on the webhooks to recreate the state based on events…

Might even be unreliable in case of downtime from github or your service right ?

I agree with you that should be possible with the GraphQL API.

@andreagriffiths11 Please could we have an idea of the state of this request ?

Thanks for the ping @toniopelo, I’ll get an update today. 

check permissions

@andreagriffiths11 Did you get something new about our problem ?

@mrho0123 What do you mean ? I don’t see any permissions that would allow / deny search capabilities on GraphQL (I can perform the same operation over REST API v3 with the same installation token).

Moreover the error message is quite self explanatory: “GitHub Apps are not allowed access to search”

Working on it @toniopelo, thanks for the reminder!

2 Likes

@andreagriffiths11 

I’m sorry to bother you again but I’d like to have either a timeline either a “We won’t do it”.

I have strategical decisions to take for the development of my Github App and I would like to know if this “fix~feature” is gonna be available in the following months or if I’ll keep ask for updates every 2 weeks for a year.

I’m sorry for the tone of my message but I really need an answer so I can figure out what is the best decision for me between waiting for this thread to be resolved or rethinking my application. My SaaS is supposed to be operationnal in a couple of months and I’m still waiting for an answer…

Hey @toniopelo,

It’s no bother at all! I wish I had better news for you, Unfortunately, I can’t give you an ETA for when this will be enabled, latest update I’ve gotten shows me -The engineering team has an internal issue open to allow GraphQL API search for GitHub Apps, but no definite timeline as to when it would happen.

Hi @andreagriffiths11,

Is there any update regarding this ?

I can see that nothing has been done yet but I was wondering if there were an ETA or something ?

Still a big issue on my side :(.

Would be great to know the timeline as it can drastically change the amount of work on my Github App.

Have a nice day,

Antoine.

Up @andreagriffiths11 :see_no_evil:

Bump on this as well…

It’s increasingly frustrating trying to use the GraphQL documentation and sort out what is acceptable on these endpoints. The REST API clearly documents what a GitHub App can and cannot do, which isn’t the case for GraphQL.

Can we get a bit more background information as to why the search endpoint isn’t enabled?

For context, I’m getting all my organization’s vulnerabilities, which is an endpoint that is only available on GraphQL, and I need to use the search endpoint in order to filter out my organization’s repos. I’m happy to hear a better way - but I’m not seeing one at the current moment.

Using a GitHub App allows me not to use a personal access token for this and have better security.

EDIT: I was able to reformat my query to not use the search endpoint. However, it doesn’t seem the vulnerability alerts is available for GitHub Apps. Which is again… frustrating to find out after working through the queries. But it’s in beta. My major feedback here is to have what GitHub Apps can and cannot access for GraphQL endpoints.  It takes a lot of time to form a good query and then to find it doesn’t work with GitHub Apps just makes you feel like you’ve wasted your time.

1 Like

Any updates? Looking forward to be able to use the search api with github apps.

1 Like

Came here to second how frustrating it is to not have access to the Search endpoint and to not have GraphQL permissions be the same as REST permissions. I developed an app with a personal access token and only realized this restriction of Github App tokens when deploying :frowning:

2 Likes