Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 2
Message 1 of 4

Accessing public pull request data using GitHub App

While moving an OAuth app to a GitHub app, I noticed that some data that is accessible publicly (i.e. without an access token) is not available to users that authenticated with a GitHub app if that app is not installed to the repository in question.

 

For example, hitting

 

GET https://api.github.com/repos/octocat/Spoon-Knife/pulls

 

without an access token works fine, but using an access token returned from 

https://github.com/login/oauth/access_token gives the following response:
 
Status: 403 Forbidden

{
    "documentation_url": "https://developer.github.com/v3/pulls/#list-pull-requests",
    "message": "Resource not accessible by integration"
}
 
Is this intentional?
3 Replies
Community Manager
Message 2 of 4

Re: Accessing public pull request data using GitHub App

Hi @tcdoors,

 
Thank you for being here! Could you please send us the full output of a `curl -v` request that demonstrates the problem?

 

http://curl.haxx.se/

 

That should help us investigate the issue. Also, please make sure you mask any sensitive information like OAuth tokens and Authorization headers in the output of the curl command. Please send the output to https://github.com/contact. And include a link to this thread to give support some background on the ticket.

 

I hope this helps!

 

Best,

Andrea


Best,
AndreaG

Mark helpful posts with Accept as Solution to help other users locate important info. Don't forget to give Kudos for great content!

Copilot Lvl 2
Message 3 of 4

Re: Accessing public pull request data using GitHub App

Hi Andrea,

 

Thanks for the reply. I've forwarded the below information to https://github.com/contact, but copying here as well:

 

Prerequisites: 

 

- Using a GitHub application (as opposed to an OAuth application), generate a user access token using the steps described here: https://developer.github.com/apps/building-github-apps/identifying-and-authorizing-users-for-github-..., and set this as the GITHUB_ACCESS_TOKEN environment variable.

 

Steps to reproduce:

 

1. Accessing the "Get a single repository" endpoint for a public repository works as expected, even if the GitHub app is not installed to that repository:

  

$ curl https://api.github.com/repos/octocat/Spoon-Knife -H "Content-Type: application/json" -H "Authorization: bearer $GITHUB_ACCESS_TOKEN" -I
HTTP/1.1 200 OK

 

2. However, accessing "List pull requests" endpoint for this repository fails:

  

$ curl https://api.github.com/repos/octocat/Spoon-Knife/pulls -H "Content-Type: application/json" -H "Authorization: bearer $GITHUB_ACCESS_TOKEN" -I
HTTP/1.1 403 Forbidden

 

3. An identical request without authentication completes successfully:

 

$ curl https://api.github.com/repos/octocat/Spoon-Knife/pulls -H "Content-Type: application/json" -I
HTTP/1.1 200 OK

 

Using an OAuth App (instead of a GitHub App) works as expected.

 

Ground Controller Lvl 2
Message 4 of 4

Re: Accessing public pull request data using GitHub App

Was there any resolution to this issue? I'm experiencing a similar problem (with commit data instead of pull request data) and I'm not sure how to go about it.