Closed Korporal closed 6 years ago
I haven't played with GitHubApps myself but from the documentation there are only a specific set of endpoints they can use
@ryangribble - Hi, Yes I have asked the question on the Github forum a week ago about endpoints and GitHub app, so far no reply. I can also see that the document you guys refer to is about an OAuth App not a GitHub App so my case isn't the same.
That article is written in the past, before GitHubApps existed as they do today. It talks about application oauth flow and as far as I know should still be correct/accurate.
GitHubApps are a new type of integration which have their own authentication method involving generating a signed time bound JWT token using the private cert of the GitHubApp and always have the identity of the app (or an installation of the app) and don't actually impersonate a user like the earlier oauth flow effectively does. GitHubApps also can only access a selected subset of endpoints
I'm just beginning to code basic logic for a GitHub app I'm developing. I'm exploring OAuth access as explained in this article about Octokit. The same article is also cited in this Octokit documentation page.
The app is installed on my GitHub account for a specific repo and it can redirect to GitHub and back and that seems to work fine. The app is installed as a GitHub App not an OAuth App incidentally.
The problem I get is that once authenticated (i.e. the authorization handler has completed inside the MVC controller and a valid token is now present) the app makes a simple call to
client.Repository.GetAllForCurrent()
as is also done in that article.That call fails with the error message that's the title of this issue.
I noticed that the article contains this comment:
and I'm not quite sure what "requires that the user be logged in to work" means, does it simply mean the outbound REST request must be authenticated and posses valid credentials (as is the case after the redirected user approves) or is there something else implied in that comment? There is no "user" here just an ASP.NET web app which has authenticated as described in the article.
If I alter that call and instead call
GitHub.Repository.Get(MY_GITHUB_USERNAME, ONE_OF_MY_PRIVATE_REPOS)
The app gets a
NotFoundException
when it's not yet authenticated rather than the expectedAuthorizationException
, but once redirected to GitHub and the app authenticates the call works and returns the repo's details.The App installed at GitHub only has permission to see this one repo and I would have expected
GetAllForCurrent
to get all the repos it was authroized to get, namely that one.Thx