GraphQL - Retrieving a viewer's Pull Request IDs results in "Resource not accessible by integration"

I’m trying to perform the following GraphQL query:

query($page_size: Int!, $cursor: String) {
  viewer {
    ... on User {
      pullRequests(first: $page_size, after: $cursor, states:OPEN) {
        totalCount
        nodes {
            id
        }
      }
    }
  }
}

with these variables:

{
	"cursor": null,
	"page_size": 3
}

However, it always results in the following response:

{
    "data": {
        "viewer": {
            "pullRequests": {
                "totalCount": 7,
                "nodes": [
                    null,
                    null,
                    null
                ]
            }
        }
    },
    "errors": [
        {
            "type": "FORBIDDEN",
            "path": [
                "viewer",
                "pullRequests",
                "nodes",
                0
            ],
            "locations": [
                {
                    "line": 6,
                    "column": 9
                }
            ],
            "message": "Resource not accessible by integration"
        },
        {
            "type": "FORBIDDEN",
            "path": [
                "viewer",
                "pullRequests",
                "nodes",
                1
            ],
            "locations": [
                {
                    "line": 6,
                    "column": 9
                }
            ],

The authorization is via an 

Authorization: token <user's access token after app login>

I thought this was a permissions issue, but I tried giving the app Read permissions to pretty much everything and it still forbids me from accessing the Pull Requests data. However, the totalCount field is returned successfully.

Am I doing something wrong? This query works perfectly on the Explorer

It sounds like what you’re saying is:

  1. You have an app that users authenticate against
  2. You run this query using the user’s OAuth token
  3. You’re getting a permissions error
  4. You have attempted to expand the permissions given to the app, not the user’s OAuth token

If my understanding is correct, increasing the app’s permissions won’t affect the permissions error received when using the user’s token. You would have to increase the permissions on the user’s token.

Please let me know if I misunderstood.

Hi @lee-dohm I had completely forgot about this issue and had just opened a similar one just now (correctly closed down).

Yes it’s a GitHub App the users authenticate against via OAuth. I then receive an OAuth access token at the end of the authentication process. However, I’m not sure how I would go about increasing the permissions on the user’s token? I couldn’t find anything in the app Settings.

I’m at a loss at what the problem is here.

EDIT: I checked the user-level scopes I’ve got set for the access token during the authentication flow and its the following: [“repo”, “read:org”, “admin:repo_hook”, “read:user”, “user:email”] which by the docs should be enough to get the Pull Requests?

It should be, unless you’re asking for PRs in an organization that has enabled OAuth app restrictions and the repositories are private. If that is the case, then an organization admin will have to authorize your app to access that organization’s information.

I hope that helps!

Thank you for your reply @lee-dohm but this is not it. The PRs I’m trying to access belong to a user (who belongs to the organization who owns the GitHub App).

I’ll continue searching…

You can also contact private support who can take a look at private account details and repository content. They should be able to execute your query and help you get to the bottom of things.

I hope that helps!