Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 3
Message 1 of 4

API v4 - Unable to Retrieve Email - Resource not accessible by integration

Solved! Go to Solution.

Hi,

I am trying to retrieve information on pull requests, including the author's email (and the emails of reviewers and commentors). Unfortunately whenever I include the "Email" field in my query I get the error "Resource not accessible by integration". Removing the Email field removes this error.

 

Simplified query:

query Github_PullRequests($name: String!, $owner: String!) {
  repository(owner: $owner, name: $name) {
    name
    pullRequests(first: 1) {
      nodes {
        number
        title
author { ... on User { login email # <- causes problem name } }
} pageInfo { hasNextPage endCursor } totalCount } } }

 

Response:

{
  "data": {
    "repository": {
      "name": "api",
      "pullRequests": {
        "nodes": [
          {
            "number": 1,
            "title": "Update project's namespace",
            "author": null
          }
        ],
        "pageInfo": {
          "hasNextPage": true,
          "endCursor": "Y3Vyc29yOnYyOpHOCxMLQA=="
        },
        "totalCount": 487
      }
    }
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "repository",
        "pullRequests",
        "nodes",
        0,
        "author",
        "email"
      ],
      "locations": [
        {
          "line": 12,
          "column": 13
        }
      ],
      "message": "Resource not accessible by integration"
    }
  ]
}

The Permissions I have given (all read-only):

  • Repository contents
  • Issues
  • Repository metadata 
  • Pull requests 
  • Organization members 
  • Repository webhooks

User Permissions:

  • Emails 

 

I couldn't find a comprehensive list of the permissions and what access they give, so forgive me if it's a silly error on my part. I have tried the same query using a personal access token and it works fine.

 

3 Replies
Community Manager
Message 2 of 4

Re: API v4 - Unable to Retrieve Email - Resource not accessible by integration

Hi @c-brooks ,

 

Thanks for being here! And thank you for your patience while we researched your question. To be able to help you better could you answer the following:

 

What kind of request is this?: is it server-to-server (using an installation token) or user-to-server (using an OAuth token)?

Thanks for being here, sharing, and keeping our community awesome!
Best,
AndreaG

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Copilot Lvl 3
Message 3 of 4

Re: API v4 - Unable to Retrieve Email - Resource not accessible by integration

Thanks for the reply - sorry, I should have stated in the original post. It's an installation token for a Github App

Solution
Community Manager
Message 4 of 4

Re: API v4 - Unable to Retrieve Email - Resource not accessible by integration

Hi @c-brooks,

 

Thanks again for your patience, here is the feedback based on our Support teams research:

 

The reason that request returns the specific error message is because a user's email is only accessible via user-to-server request (in other words, an OAuth token and not an installation token).

 

Here's some more context: when a GitHub App is installed to a repo, it requests repo-specific permissions to the authorizing user. However, a GitHub App can only get user-specific information if the user in question has chosen to be identified by the app as a part of the User Authorization flow described here:

https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-...

 

At the end of the authorization flow, that OAuth token can be used to make a request to the GraphQL API to obtain the email value for some author. However, only emails from author's who have been authorized by the app can be obtained.

 

Thank you for your feedback on the documentation. It's a great point all user-to-server requests are documented, but there isn't a specific section in GitHub Developer that would tell integrators which GraphQL fields are accessible by scope. We've taken your feedback and passed it along to the appropriate teams. Thanks again for reaching out 😀

Thanks for being here, sharing, and keeping our community awesome!
Best,
AndreaG

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!