Issue accessing the branches API

I’m having a weird issue accessing the branches API https://developer.github.com/v3/repos/branches/#list-branches. I’ve got a GitHub application and my users use OAuth 2.0 tokens to log in (user-to-server requests). It’s a Go application and I’m using the https://github.com/google/go-github package for communication. However I can reproduce the issue using curl.

Let’s start with a simple example. I’m using the fake token abc123 in all examples. In reality I’m using a real token from my application. 

curl -H "Authorization: token abc123..." https://api.github.com/user

This works fine and I’m getting the following result.

{
  "login": "zemirco",
  "id": 1132354,
  ...
}

Now let’s try to get the branches for one of my public repositories.

curl https://api.github.com/repos/zemirco/json2csv/branches

This also works as expected and returns this result.

[
  {
    "name": "ci_testing",
    "commit": {
      "sha": "e3ebed661e4421ec10c07ca751081ed102b540d5",
      "url": "https://api.github.com/repos/zemirco/json2csv/commits/e3ebed661e4421ec10c07ca751081ed102b540d5"
    },
    "protected": false
  },
  ...
]

Now let’s try to do the same request but this time as an authenticated user.

curl -H "Authorization: token abc123..." https://api.github.com/repos/zemirco/json2csv/branches

This time I get an error back. This is unexpected since the repo is public and anybody should be able to access it.

{
  "message": "Resource not accessible by integration",
  "documentation_url": "https://developer.github.com/v3/repos/branches/#list-branches"
}

At first I thought it might be an issue with the token or my curl command. So I tried a different endpoint. This time it’s the commits API https://developer.github.com/v3/repos/commits/#list-commits-on-a-repository.

Again as an anonymous user.

curl https://api.github.com/repos/zemirco/json2csv/commits

This works fine.

[
  {
    "sha": "f989a7a95de92583f0d3f8710f74306cd30868bb",
    "node_id": "MDY6Q29tbWl0NDI5NzY5NTpmOTg5YTdhOTVkZTkyNTgzZjBkM2Y4NzEwZjc0MzA2Y2QzMDg2OGJi",
    "commit": {
      "url": "https://api.github.com/repos/zemirco/json2csv/git/commits/f989a7a95de92583f0d3f8710f74306cd30868bb",
      "comment_count": 0,
      "verification": {}
    },
    ...
  }
]

Then, as before, as an authenticated user with token.

curl -H "Authorization: token abc123..." https://api.github.com/repos/zemirco/json2csv/commits

This time it works and I get the same result as before. So the curl command and the token seem to be ok. This is strange. I’m able to access the commits but I’m unable to access the branches.

I’m also able to access branches from repositories that have my application installed. However I’d also like to access branches from repos that don’t have my application installed.

So my question is: Why am I unable to see branches from a public repo as an authenticated user? And why do commits work?

Here are my GitHub application permissions if this is important.

Thank you! I’m really lost here. Until now the whole integration was super smooth.

Best regards,
Mirco

Any ideas? I haven’t found a solution yet. I had the problem with a private GitHub App. In the meantime I also tried to access the branches API with my public GitHub App https://seriesci.com/. There I’ve got the same problem :frowning:

I have the same issue for the gitapp.

There is a permission configuration here. I hope I can give something valuable…

https://developer.github.com/enterprise/2.19/apps/differences-between-apps/#about-github-apps/