GitHub App permissions for GraphQL query

I had this query working on my OAuth app with user:email, repo scope. It is returning 403 Forbidden when I auth with GitHub App. Query-

{
  viewer {
    repositories(first: 100, ownerAffiliations: OWNER) {
      totalCount
      nodes {
        nameWithOwner
        owner {
          avatarUrl
          login
        }
        languages(first: 10) {
          nodes {
            name
          }
        }
        defaultBranchRef {
          name
          target {
            ... on Commit {
              committedDate
              oid
              message
            }
          }
        }
      }
    }
  }
}

Permissions on the GitHub app-

"permissions":{"contents":"read","metadata":"read","pull_requests":"read","repository_hooks":"write","statuses":"read"}

Thanks!

From here looks like metadata should be enough-

https://developer.github.com/v3/apps/permissions/

1 Like

The reason this query doesn’t work is that the /repos endpoint returns public repos for the GitHub App’s token and the nested query eg /languages breaks the graphql query. The solution is to fetch /user/:install_id/repos/ and then iterate over returned queries. 

imho- public repos shouldn’t be returned for GitHub App in the first place as the app could be installed on a public repo in future.

How can I do the query you mention in  Github API v4?