I am following the instructions for creating a new installation token with reduced permissions at https://developer.github.com/v3/apps/#create-a-new-installation-token. This is working fine except that when I request `repository_metadata` like this:
payload = { 'repository_ids': [ <id> ], 'permissions': { 'repository_metadata': 'read', } }
I get the following error message:
> There is at least one permission resource that is not supported.
Interestingly the request succeeds if I use just `metadata` instead of `repository_metadata`, indicating that there is likely an inconsistency between the documentation and the code.
I have spotted another oddity with this API. If I make a request with `permissions` specified but with `repository_ids` missing or the empty list, then the `permissions` section is ignored. This occurs even if a permission is requested that the app doesn't have.
E.g. payload:
payload = { 'repository_ids': [ ], 'permissions': { 'pull_requests': 'read', } }
Response:
{ "token": "<token>", "repository_selection": "selected", "expires_at": "2019-08-09T16:20:52Z", "permissions": { "metadata": "read", "pull_requests": "write" } }