slapperwan / gh4a

Github client for Android
Apache License 2.0
Need to deal with OAuth app restrictions #678

Open maniac103 opened 7 years ago

maniac103 commented 7 years ago

OAuth app restrictions seem to be enabled for all recent organizations. Since we have been using OAuth since 4.1, we're now subject to those restrictions, which means that by default we don't have write access to organizations. We need to deal with that in some way or another:

Unfortunately, there doesn't seem to be an API for querying whether one's own app (here: Octodroid) is subject to those restrictions, otherwise the solution would have been easy.

@slapperwan @Tunous Any thoughts?

Tunous commented 7 years ago

Probably the best option would be to add a listing of organizations with information about restrictions. If someone searched for repositories from an organization, then they would most likely go to that screen and see the information.

KOLANICH commented 6 years ago

Regular OAuth tokens shouldn't be used for that. OAuth is used on GitHub to give access to a foreign org. An org has access in the background. Use personal tokens instead.

maniac103 commented 6 years ago

@KOLANICH I don't understand. What exactly do you mean by 'regular' tokens?

KOLANICH commented 6 years ago

There are 2 kinds of OAuth tokens on GH. One is for orgs, for example tokens for Travis. I call it regular because I have more of them in my account than personal ones. Another one is "personal" - for apps. For example, for ForkHub, GitHub for Windows and Composer.

maniac103 commented 6 years ago

We're using the regular web flow for generating the tokens (https://developer.github.com/apps/building-oauth-apps/authorization-options-for-oauth-apps/#web-application-flow) ... I'd assume this generates personal tokens (as otherwise we wouldn't have the issue in question anyway)

KOLANICH commented 6 years ago

I guess this should be used: https://developer.github.com/v3/oauth_authorizations/#get-or-create-an-authorization-for-a-specific-app

Disclaimer: I may be wrong.