2

I'm trying to use the apps-script-oauth2 library to access the GitHub API in a Google Apps Script. I'm creating the service like this:

function getGithubService(client_id, client_secret) {
  return OAuth2.createService("GitHub")
    .setAuthorizationBaseUrl("https://github.com/login/oauth/authorize")
    .setTokenUrl("https://github.com/login/oauth/access_token")
    .setClientId(client_id)
    .setClientSecret(client_secret)
    .setCallbackFunction("authCallback")
    .setPropertyStore(PropertiesService.getUserProperties())
    .setCache(CacheService.getUserCache())
    .setLock(LockService.getUserLock())
    .setScope("repo");
}

function authCallback(request) {
  let github_service = getGithubService();
  if (github_service.handleCallback(request)) {
    return HtmlService.createHtmlOutput("Success!");
  }
  return false;
}

I can launch the authentication endpoint okay and get a valid access token back. But the token I get doesn't seem to be authorised for any scopes. I can log the token and try to use it in a curl request:

$ token=ghu_<censored>
$ curl -i -H "Authorization: bearer ${token}" https://api.github.com/user
...
x-oauth-scopes: 
x-accepted-oauth-scopes: 
...

The result of this is that any request I make for a resource that requires an authorised scope either fails or returns an empty list. In particular, the /org/{org-name}/repos endpoint just returns [] even though I've specified the repo scope in the service configuration above.

(Update: my org only has private repos; if I request this endpoint for an org with public repos, I get a useable repo list. Apparently I need the repo scope to get private repos.)

I'm requesting the repo list like this:

  let service = getGithubService(client_id, client_secret);
  let org_name = "...";
  let url = `https://api.github.com/orgs/${org_name}/repos`;
  let response = UrlFetchApp.fetch(url, {
    headers: {
      Authorization: `token ${service.getAccessToken()}`,
      Accept: "application/vnd.github.v3+json"
    }
  });
  let repos = JSON.parse(response.getContentText());

On a possibly-related point, is there supposed to be some way to relate the scope names used in OAuth2 requests to the permissions you can give an app in the GitHub developer settings page? I'm not at all sure I've granted the right set of permissions to the GitHub app to be able to request the repo scope in an auth request, but there doesn't seem to be any documentation at all on how the two relate.

Improve this question
12
  • is it possible you run your flow without scopes set, and then it cached? now you added your scope to apps script call, but it keeps with old token (no scopes)? Commented Oct 20, 2021 at 14:01
  • @Kos - possible. But I've tried doing the auth flow in a combination of curl and incognito windows to try to rule this out, without any obvious change. I've also tried revoking all access tokens from the github developer settings. Commented Oct 20, 2021 at 14:03
  • Does this answer your question? How to list organization's private repositories via GitHub API? Commented Oct 20, 2021 at 14:23
  • specifically see stackoverflow.com/a/52752677/555121 Commented Oct 20, 2021 at 14:24
  • @Kos - as far as I can tell, no. I'm the administrator for the org and I haven't enabled any extra app restrictions. When I do the oauth flow to authorise the github app, I'm not offered a way to request org access. Commented Oct 20, 2021 at 16:13
Related questions
0
Making oAuth requests using Google Apps Script
2
Accessing Google Apps Script with CURL
0
Accessing Shoeboxed API with Google Apps Script (OAuth v2)
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.