堆栈内存溢出
  简体   繁体   English

GitHub GraphQL API 使用来自 GithubAuthProvider 的访问令牌时返回禁止

[英]GitHub GraphQL API returning forbidden when using access token from GithubAuthProvider

 原文  2021-01-25 20:06:07       firebase/ firebase-authentication/ github-graphql/ github-app

问题描述

I'm using GithubAuthProvider with the added scope repo to get the user's access token which is later used to access the GitHub GraphQL API (the GitHub App has the permissions for Contents and Metadata set to Read-only). I'm using GithubAuthProvider with the added scope repo to get the user's access token which is later used to access the GitHub GraphQL API (the GitHub App has the permissions for Contents and Metadata set to Read-only).

The problem is when I'm trying to list private repos.问题是当我试图列出私人回购时。 The API returns an empty array as if I don't have the required permissions. API 返回一个空数组,就好像我没有所需的权限一样。 Moreover, when I try to list branches of a user's repo it returns an error of type FORBIDDEN .此外,当我尝试列出用户存储库的分支时,它会返回类型为FORBIDDEN的错误。

Query:询问:

query {
    viewer { 
    repository(name: "some-repo") {
      refs(refPrefix: "refs/heads/", first: 10) {
        nodes {
          name
        }
      }
    }
  }
}

Response:回复:

{
    "data": {
        "viewer": {
            "repository": {
                "refs": null
            }
        }
    },
    "errors": [
        {
            "type": "FORBIDDEN",
            "path": [
                "viewer",
                "repository",
                "refs"
            ],
            "extensions": {
                "saml_failure": false
            },
            "locations": [
                {
                    "line": 7,
                    "column": 7
                }
            ],
            "message": "Resource not accessible by integration"
        }
    ]
}

What am I missing?我错过了什么?

2 个解决方案

解决方案1
 0  2021-02-02 14:45:57

For GitHub GraphQL API, only scope repo may not be enough.对于 GitHub GraphQL API,仅 scope repo可能不够。

Following are scopes requested for reference.以下是要求参考的范围。 Authenticating with GraphQL 使用 GraphQL 进行身份验证

user
public_repo
repo
repo_deployment
repo:status
read:repo_hook
read:org
read:public_key
read:gpg_key

The API returns an empty array as if I don't have the required permissions.
I wonder whether you are query under the viewer .不知您是否在viewer下查询。 viewer can get the private repos he/she owned . viewer可以获得他/她拥有的私人回购。 For repos owned by other people, you can try对于其他人拥有的repos,您可以尝试

repository(name: "repo-name", owner: "login") {
  name
}

It will return NOT_FOUND error if you don't have the required permissions.如果您没有所需的权限,它将返回NOT_FOUND错误。

Your query works fine for me:)您的查询对我来说很好:)

解决方案2
 0 已采纳  2021-02-04 18:14:56

It turns out I read through the Firebase instructions too fast and created a Github App instead of an OAuth App.事实证明,我过快地阅读了 Firebase 指令并创建了 Github 应用程序而不是 OAuth 应用程序。

It's now working as it should.它现在可以正常工作了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 [Firebase-OAuth]:如何为回头客访问 GitHub 凭据/访问令牌 - [Firebase-OAuth]: How to access GitHub credentials/access token for returning customers Firebase 使用来自 REST 的令牌登录 API - Firebase SignIn Using a Token from REST API 使用 Firebase 身份验证时令牌服务 API 中的错误请求 - Bad Requests in Token Service API when using Firebase Auth 对ID令牌使用REST API时对Firebase存储进行身份验证 - Authentication for Firebase Storage when using REST API for id token 为什么这个 CORS 认证的 Google Cloud Function 在从 Firebase 身份验证传递 id 令牌时返回 403? - Why is this CORS authenticated Google Cloud Function returning a 403 when passing an id token from Firebase authentication? 在哪里安全地存储用于来自 Monzo 银行 api 请求的 api 请求的访问令牌 - Where to securely store an access token used for api requests from the Monzo bank api 使用getAuth()的Firebase访问令牌 - Firebase access token using getAuth() 如何使用 CURL 和 API 密钥和服务帐户令牌访问 Firestore? - How do I access Firestore using CURL with an API Key and service account token? 无法使用 GitHub 个人访问令牌(以前工作过)对 Firebase 进行身份验证 - Unable to Authenticate Firebase with GitHub Personal Access Token (Previously Worked) 使用firebase Facebook auth提供的访问令牌访问Facebook API? - Use access token provided by firebase Facebook auth to access Facebook API?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM