vr4u

Reputation: 61

Error message 'Resource not accessible by personal access token' when trying to perform mutation in GitHub GraphQL API

I'm trying to build a simple Android app to list random repositories and be able to add a star to certain repos. Every time I try to do a mutation to add a star to a project using Altair, I get the said error message, but when I perform the same mutation from GitHub GraphQL Explorer, the mutation is executed and the star is given to the repository. Why?

I'm using a fine-grained personal access token to do the work.

Mutation:

mutation AddStarMutation($id: ID!) { 
  addStar(input: {
    starrableId: $id
  }) {
    starrable {
      id
      stargazerCount
      viewerHasStarred
    }
  }
}

Error message:

{
  "data": {
    "addStar": null
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "addStar"
      ],
      "extensions": {
        "saml_failure": false
      },
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "message": "Resource not accessible by personal access token"
    }
  ]
}

This is the configuration of permissions used for the token:

I'm able to perform query without any issues. What am I missing?

I tried the authentication tutorial in the documentation, for query and mutation methods: https://docs.github.com/en/graphql/overview/about-the-graphql-api

Upvotes: 4

Views: 1859

Answers (1)

vr4u

Reputation: 61

Turned out what I was missing is that to perform mutations on behalf of a user, you have to provide a login using the OAuth2 app authentication method. This way you prompt for the permissions your app is using on behalf of the user. Check here in the docs: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps

PS: I had checked these docs before posting the question but did not get the purpose of OAuth2 apps.

Upvotes: 2
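The OAuth app web flow the answer points to, sketched as an added example (not the poster's code): it builds the authorization URL, validates the callback's `state`, and prepares the token exchange and the question's `addStar` request without sending anything. The `public_repo` scope default, the placeholder client values and the helper names are assumptions made for this sketch.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
TOKEN_URL = "https://github.com/login/oauth/access_token"
GRAPHQL_URL = "https://api.github.com/graphql"
ADD_STAR = """mutation AddStarMutation($id: ID!) {
  addStar(input: {starrableId: $id}) {
    starrable { id stargazerCount viewerHasStarred }
  }
}"""

def authorization_url(client_id, redirect_uri, scope="public_repo"):
    """Step 1: URL the user opens to approve the app (scope is an assumption)."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this login attempt
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Step 2: accept the code only when state matches what step 1 issued."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback rejected")
    if "code" not in params:
        raise ValueError("no code in callback")
    return params["code"][0]

def token_request(client_id, client_secret, code):
    """Step 3: code-for-token POST; do this on a backend, not inside the APK."""
    return {"url": TOKEN_URL, "headers": {"Accept": "application/json"},
            "data": {"client_id": client_id, "client_secret": client_secret, "code": code}}

def add_star_request(user_token, repo_node_id):
    """Step 4: the question's mutation, sent with the user's OAuth token."""
    return {"url": GRAPHQL_URL,
            "headers": {"Authorization": f"Bearer {user_token}"},
            "body": json.dumps({"query": ADD_STAR, "variables": {"id": repo_node_id}})}

def forbidden_for_token(response):
    """True when a GraphQL response carries the FORBIDDEN error from the question."""
    return any(e.get("type") == "FORBIDDEN" for e in response.get("errors", []))
```

Request the narrowest scope that lets the mutation succeed, and discard the `state` value after one use so a replayed callback is rejected.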
