search

octokit / octokit.net

A GitHub API client library for .NET
https://octokitnet.readthedocs.io/en/latest/
MIT License
2.68k stars 1.07k forks source link

"One or more errors occurred. (user/repos was not found.)" #1776

Closed Korporal closed 6 years ago

Korporal commented 6 years ago

I'm just beginning to code basic logic for a GitHub app I'm developing. I'm exploring OAuth access as explained in this article about Octokit. The same article is also cited in this Octokit documentation page.

The app is installed on my GitHub account for a specific repo and it can redirect to GitHub and back and that seems to work fine. The app is installed as a GitHub App not an OAuth App incidentally.

The problem I get is that once authenticated (i.e. the authorization handler has completed inside the MVC controller and a valid token is now present) the app makes a simple call to client.Repository.GetAllForCurrent() as is also done in that article.

That call fails with the error message that's the title of this issue.

I noticed that the article contains this comment:

     // The following requests retrieves all of the user's repositories and
     // requires that the user be logged in to work.

and I'm not quite sure what "requires that the user be logged in to work" means, does it simply mean the outbound REST request must be authenticated and posses valid credentials (as is the case after the redirected user approves) or is there something else implied in that comment? There is no "user" here just an ASP.NET web app which has authenticated as described in the article.

If I alter that call and instead call

GitHub.Repository.Get(MY_GITHUB_USERNAME, ONE_OF_MY_PRIVATE_REPOS)

The app gets a NotFoundExceptionwhen it's not yet authenticated rather than the expected AuthorizationException, but once redirected to GitHub and the app authenticates the call works and returns the repo's details.

The App installed at GitHub only has permission to see this one repo and I would have expected GetAllForCurrentto get all the repos it was authroized to get, namely that one.

Thx

ryangribble commented 6 years ago

I haven't played with GitHubApps myself but from the documentation there are only a specific set of endpoints they can use

https://developer.github.com/v3/apps/available-endpoints/

Korporal commented 6 years ago

@ryangribble - Hi, Yes I have asked the question on the Github forum a week ago about endpoints and GitHub app, so far no reply. I can also see that the document you guys refer to is about an OAuth App not a GitHub App so my case isn't the same.

ryangribble commented 6 years ago

That article is written in the past, before GitHubApps existed as they do today. It talks about application oauth flow and as far as I know should still be correct/accurate.

GitHubApps are a new type of integration which have their own authentication method involving generating a signed time bound JWT token using the private cert of the GitHubApp and always have the identity of the app (or an installation of the app) and don't actually impersonate a user like the earlier oauth flow effectively does. GitHubApps also can only access a selected subset of endpoints