So my next approach was to ask for `orgs/:org/members` for each Org as they synchronize from the Marketplace, store it on my side, then I can look up user->orgs later with my own data. Again, the `#metadata-permissions` documentation says Apps have access to this. I believe it's reasonable that --if an App is installed in the Org-- listing its members (including non-public) should be totally fine. But again, I get `Bad Credentials`: curl --silent \
-H "Authorization: Bearer $jwt" \
-H "Accept: application/vnd.github.machine-man-preview+json" \
"https://api.github.com/orgs/restyled-io/members" What is going on here? Is it really just impossible to find non-public members of orgs for which an App is installed?
... View more
In general: what is the recommended way for a GitHub App to list all of the organizations of a user who has installed the App -- or a user who is in an org that has the App installed (via Marketplace)? Details: https://developer.github.com/v3/apps/permissions/#metadata-permissions says that all Apps have read-only access to `users/:username/orgs`, so that's what I'm trying. I have two questions: 1- I'm getting a `Bad Credentials` error I'm using JWT authentication with my App Id/Key and I'm using the same function as I use for operations such as requesting an installation token or interacting with the `/marketplace-listing` API. And these other calls do work, so I'm very confident the code is correct. Is this endpoint not meant to be requested by an App using JWT? 2- If it does work, can I expect to see app-granted, but not public, organizations? It makes sense for non-App User Agents to only be able to see public organizations on this endpoint, as documented -- but for Apps, it would make sense to see all organizations that the App is authorized to see. So I'm wondering (ahead of time, if we fix (1) I can just test), if that's the case or not.
... View more