Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Copilot Lvl 3
Message 1 of 6

Error get commit author email when auth through username/password in GraphQL

So this works perfectly fine for OAuth/PAT but when I auth using username/password it gives following error, my expectation is given I have the username/password already I shall have full access. GitHub/GitHub Enterprise is consistent on this. And it works fine for other cases in GraphQL such as get a repo owner's email 

 

Error Message 

Your token has not been granted the required scopes to execute this query. The 'email' field requires one of the following scopes: ['user:email', 'read:user'], but your token has only been granted the: [''] scopes. Please modify your token's scopes at: https://abghe215.westus2.cloudapp.azure.com/settings/tokens.

 

GraphQL - Fails (Commit Author Email)

{
  repository(owner: "github", name: "training-kit") {
    object(expression: "HEAD") {
      ... on Commit {
        author {
          user {
            email
          }
        }
      }
    }
    nameWithOwner
  }
}
{
  "errors": [
    {
      "type": "INSUFFICIENT_SCOPES",
      "locations": [
        {
          "line": 7,
          "column": 13
        }
      ],
      "message": "Your token has not been granted the required scopes to execute this query. The 'email' field requires one of the following scopes: ['user:email', 'read:user'], but your token has only been granted the: [''] scopes. Please modify your token's scopes at: https://github.com/settings/tokens."
    }
  ]
}

 

GraphQL - Works (Repo owner email)

{
  repository(owner: "github", name: "training-kit") {
    nameWithOwner
    owner {
      ... on Organization {
        email
      }
    }
  }
}
{
  "data": {
    "repository": {
      "nameWithOwner": "github/training-kit",
      "owner": {
        "email": "support@github.com"
      }
    }
  }
}

 

 

5 Replies
Community Manager
Message 2 of 6

Re: Error get commit author email when auth through username/password in GraphQL

I'm suspect that this is because you're asking for:

 

 

... on Commit {
  author {
    user {
      email
    }
  }
}

 

 

Specifically, you're asking for the commit -> author -> user -> email instead of commit -> author -> email. The difference is that you're asking for the email of the GitHub user, which may or may not be public. If you ask for commit -> author -> email, then you'll get the email that is associated directly with the git commit, though it may be an anonymized one. You could also ask for commit -> author -> user -> name.

 

I hope that helps!

Copilot Lvl 3
Message 3 of 6

Re: Error get commit author email when auth through username/password in GraphQL

Thanks but the thing heere is `PAT` works but `username+password` does not - my question is - why would username/password has less permission than PAT? 

Community Manager
Message 4 of 6

Re: Error get commit author email when auth through username/password in GraphQL

It states in the GraphQL documentation under Authentication:

 

To communicate with the GraphQL server, you'll need an OAuth token with the right scopes.

 

There isn't an option for `username+password` authentication. Yes, you can do it if you follow the pattern used in the REST v3 documentation, but the result is a connection with no authorized scopes (as shown in the error message).

 

I haven't checked with the team, but my assumption as to why this might be the case is that it prevents people from creating scripts that circumvent the security benefits of OAuth or personal access tokens by hard-coding an account's username and password.

 

Copilot Lvl 3
Message 5 of 6

Re: Error get commit author email when auth through username/password in GraphQL

Thank you! I think I understand what you are saying and that makes sense - the username/password login is 'unscoped' hence might have a conflict with the API scope check (I've seen similar type of problem in other products supporting both PAT and user/pass) 

This do bring another question on what is the officially supported authentication method with GraphQL -  I don't feel the current doc explictily states that (one nit pick on the doc is it says OAuth token with right scopes and then in the following line says Create a personal access token.) May I ask for a doc clarification/improvement on what exactly are supported on the auth method for GraphQL (and REST)? 

Community Manager
Message 6 of 6

Re: Error get commit author email when auth through username/password in GraphQL

Yes, the GraphQL authentication docs mention both OAuth tokens and Personal Access tokens, they work in very similar ways but are created differently. But it doesn't mention using a username and password combination. 

 

On the other hand, the REST authentication docs explicitly mention using Basic Authentication, in other words a username and password, in addition to various token systems.

 

I'll pass along the suggestion for improvement to the docs team.