Getting past SSO for public data

Hi folks,

We’ve had some users from orgs on GitHub that require SSO notice that for Hacktoberfest, their PRs to public repos in those orgs aren’t being tracked.

After looking into this a bit, it seems that the API simply does not give us any data when we request public PRs for a user, authenticated as that user, for any org where the user is required to SSO. This seems to be the same policy issue that the web UI has, where even if you’re accessing a public repo in an org that requires you to SSO, you’ll still be forced to SSO.

The GraphQL request we’re making is authenticating as the user, and then getting their pull requests. Is there any known way to get around this SSO issue, which frankly I’d consider a bug, so that we can actually get all the public PRs that the user has?

Cheers,
Matt.

1 Like

For example, making the following request to get some of my recent PRs:

query {
  node(id: "MDQ6VXNlcjEyMzcxMzYz") {
    ... on User {
      pullRequests(first: 20, orderBy: { field: CREATED_AT, direction: DESC }) {
        nodes {
          url
        }
      }
    }
  }
}

We see that for the most part, the response is fine, except for one null value which corresponds to the error also sent back:

{
  "data": {
    "node": {
      "pullRequests": {
        "nodes": [
          [
            [
              "url",
              "https://github.com/nhcarrigan/we-love-hacktoberfest/pull/195"
            ]
          ],
          [
            [
              "url",
              "https://github.com/nhcarrigan/we-love-hacktoberfest/pull/194"
            ]
          ],
          // [...]
          null,
          [
            [
              "url",
              "https://github.com/MattIPv4/DNS-over-Discord/pull/42"
            ]
          ],
          [
            [
              "url",
              "https://github.com/discordjs/discord-api-types/pull/218"
            ]
          ],
          // [...]
        ]
      }
    }
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "node",
        "pullRequests",
        "nodes",
        10
      ],
      "extensions": {
        "saml_failure": true
      },
      "locations": [
        {
          "line": 10,
          "column": 9
        }
      ],
      "message": "Resource protected by organization SAML enforcement. You must grant your OAuth token access to this organization."
    }
  ]
}
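A client consuming the partial response shown above can pair each `null` entry with the `saml_failure` error that explains it, so withheld PRs are reported rather than silently dropped. This is an added example, not part of the original posts or of any GitHub or Hacktoberfest code; the function names and the sample response are constructed, and it assumes nodes arrive as ordinary GraphQL objects with a `url` field.

```javascript
// Added example. The sample response is constructed; the URLs are placeholders.
const sample = {
  data: { node: { pullRequests: { nodes: [
    { url: "https://github.com/example-org/repo-a/pull/1" },
    null, // withheld by the API
    { url: "https://github.com/example-user/repo-b/pull/2" },
  ] } } },
  errors: [{
    type: "FORBIDDEN",
    path: ["node", "pullRequests", "nodes", 1],
    extensions: { saml_failure: true },
    message: "Resource protected by organization SAML enforcement.",
  }],
};

// Follow a GraphQL error-style path through the data tree.
function valueAtPath(data, path) {
  return path.reduce((cur, key) => (cur == null ? undefined : cur[key]), data);
}

// Separate usable nodes from entries nulled by SAML enforcement.
function splitSamlBlocked(response, listPath) {
  const nodes = valueAtPath(response.data, listPath) || [];
  const blocked = new Map(); // list index -> error message
  const otherErrors = [];
  for (const err of response.errors || []) {
    const path = err.path || [];
    const index = path[listPath.length];
    const underList = listPath.every((key, i) => path[i] === key);
    const isSaml = Boolean(err.extensions && err.extensions.saml_failure);
    if (isSaml && underList && Number.isInteger(index)) blocked.set(index, err.message);
    else otherErrors.push(err);
  }
  const visible = [];
  const unexplainedNulls = []; // nulls with no matching SAML error
  nodes.forEach((node, i) => {
    if (node !== null) visible.push(node);
    else if (!blocked.has(i)) unexplainedNulls.push(i);
  });
  return { visible, blockedIndexes: [...blocked.keys()], unexplainedNulls, otherErrors };
}

const result = splitSamlBlocked(sample, ["node", "pullRequests", "nodes"]);
console.log(result.visible.map((n) => n.url), result.blockedIndexes);
```

A non-empty `blockedIndexes` tells the application that the user has PRs it cannot see until the OAuth token is granted access to the organization named in the error.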