Reputation: 808
I'm getting the response I want but the access token returned from GitHub returns with no scopes in the response:
// GitHub's response
{
  access_token: 'a2ed9606c8b06bf00a16dc34584b1509462450a4',
  token_type: 'bearer',
  scope: ''
}
The token can't view private repos like my personal access token with the scopes enabled does. Am I doing something wrong or not contacting the correct endpoint?
// backend - Auth.js
var express = require('express');
var router = express.Router();
var fetch = require('isomorphic-fetch');

let token = null;

const createFetchOptions = (method, body = undefined) => {
  const options = {
    method,
    headers: {
      'Content-type': null,
      'Accept': null,
    },
  };
  options.headers['Content-type'] = 'application/json';
  options.headers['Accept'] = 'application/json';
  options.body = JSON.stringify(body);
  return options;
};

const Fetcher = {
  get: async (url) => {
    const res =
      await fetch(
        url,
        createFetchOptions('GET'),
      );
    return res;
  },
  post: async (url, body) => {
    const res =
      await fetch(
        url,
        createFetchOptions('POST', body),
      );
    return res;
  },
}

router.post('/token', async (req, res) => {
  const { clientId, clientSecret, sessionCode } = req.body;
  const response = await Fetcher.post('https://github.com/login/oauth/access_token', {
    client_id: clientId,
    client_secret: clientSecret,
    code: sessionCode,
  });
  const result = await response.json();
  console.log(result)
  res.json(result);
});

module.exports = router;
Upvotes: 2
Views: 1481
Reputation: 3909
Your provided code seems to be missing the step where you request the user's GitHub identity by making a GET https://github.com/login/oauth/authorize request. I'm assuming you do include this call somewhere in your code because it is necessary to receive the sessionCode value that you are passing in the body of your POST https://github.com/login/oauth/access_token request.
In any case, this is the step where you would specify the various scopes that your application is requesting. The requested scopes are passed via the scope query parameter, delimited by spaces if you are requesting multiple scopes. For example, the following is a request for both the user and public_repo scopes:
GET https://github.com/login/oauth/authorize?
client_id=...&
scope=user%20public_repo
Upvotes: 2
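An added example, not code from either post: it builds the authorize URL with the `scope` parameter the answer describes, then checks the `scope` field of the token response so an empty grant like the one in the question is caught before the token is used. The function names, the sample responses and the use of a `state` value are assumptions of this sketch.

```javascript
const AUTHORIZE_URL = 'https://github.com/login/oauth/authorize';

// Build the URL the browser is redirected to. Scopes are requested here,
// space-delimited, not on the later POST to /login/oauth/access_token.
// `state` must be an unguessable per-session value that the caller stores
// and compares when the callback arrives.
function buildAuthorizeUrl({ clientId, scopes, state }) {
  if (!clientId) throw new Error('clientId is required');
  if (!state) throw new Error('state is required');
  if (!Array.isArray(scopes)) throw new Error('scopes must be an array');
  const params = { client_id: clientId, scope: scopes.join(' '), state };
  const query = Object.entries(params)
    .map(([key, value]) => `${key}=${encodeURIComponent(value)}`)
    .join('&');
  return `${AUTHORIZE_URL}?${query}`;
}

// Turn the token response's scope string into a list. Splitting on commas
// or whitespace handles either delimiter; '' yields an empty list.
function parseGrantedScopes(tokenResponse) {
  const raw = typeof tokenResponse.scope === 'string' ? tokenResponse.scope : '';
  return raw.split(/[\s,]+/).filter(Boolean);
}

// Return the required scopes that were not granted. This is an exact-name
// comparison: a broader scope that implies a narrower one is not recognised.
function missingScopes(tokenResponse, required) {
  const granted = new Set(parseGrantedScopes(tokenResponse));
  return required.filter((scope) => !granted.has(scope));
}

// Constructed sample responses (token values are placeholders).
const EMPTY_GRANT = { access_token: '<token>', token_type: 'bearer', scope: '' };
const FULL_GRANT = { access_token: '<token>', token_type: 'bearer', scope: 'user,public_repo' };

const REQUIRED = ['user', 'public_repo'];
console.log(buildAuthorizeUrl({ clientId: 'CLIENT_ID', scopes: REQUIRED, state: 'constructed-state' }));
console.log('missing (empty grant):', missingScopes(EMPTY_GRANT, REQUIRED));
console.log('missing (full grant):', missingScopes(FULL_GRANT, REQUIRED));
```

Rejecting the login when `missingScopes` returns anything keeps an under-scoped token from being stored and failing later on the first API call.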