Python script to detect stale users in GitHub organizations fails getting members activity

Question

I have developed a Python script to detect stale users in GitHub organizations. In particular a script that gets all the users of a given GitHub organization and prints it's last activity date.

The script is as follows (explained below):

import requests

def get_github_organization_members(token, organization):
    url = f"https://api.github.com/orgs/{organization}/members"
    headers = {
        "Authorization": f"token {token}",
        "Accept": "application/vnd.github.v3+json"
    }
    
    members = []
    while url:
        response = requests.get(url, headers=headers)
        if response.status_code == 200:
            members_page = response.json()
            members.extend(members_page)
            url = response.links.get('next', {}).get('url')
        else:
            print(f"Failed to retrieve members: {response.status_code}")
            break

    for member in members:
        member_login = member['login']
        events_url = f"https://api.github.com/users/{member_login}/events/orgs/{organization}"
        events_response = requests.get(events_url, headers=headers)
        if events_response.status_code == 200:
            events = events_response.json()
            if events:
                last_event = events[0]
                last_activity = last_event['created_at']
                print(f"{member_login}: Last activity on {last_activity}")
            else:
                print(f"{member_login}: No recent activity")
        else:
            print(f"Failed to retrieve events for {member_login}: {events_response.status_code}")

if __name__ == "__main__":
    token = "<a given PAT token>"
    organization = "<a given GitHub organization>"
    get_github_organization_members(token, organization)

It works as follows:

• It get a list of the users using the https://api.github.com/orgs/{organization}/members GitHub API method.
• For each member in that list, it gets user information using https://api.github.com/users/{member_login}/events/orgs/{organization} GitHubAPI method.
• The <a given GitHub organization> is actually an organization name
• The <a given PAT token> is a GitHub token (as the API methods need authentication). It belongs to the user42 (actual user obfuscated) which belongs to the <a given GitHub organization> organization with "Owner" role.

With regards to the user42 PAT (Personal Access Token), taking into account above API documentation, it needs following permissions:

"Events" organization permissions (read)

...

"Members" organization permissions (read)

So the token is configured in that way:

So far, so good.

But, when I run the script I get this:

Failed to retrieve events for user1: 404
Failed to retrieve events for user2: 404
Failed to retrieve events for ...
Failed to retrieve events for user41: 404
user42: Last activity on 2025-02-15T20:56:16Z
Failed to retrieve events for user42: 404
...
Failed to retrieve events for user79: 404
Failed to retrieve events for user80: 404

So:

• The members of the organization are obtained correctly (the organization has 80 users, all them are printed)
• Activity information is not get in any user, except user42 (the one to who the PAT token belongs). All the other cases return a 404.

Probably I'm missing something... maybe the PAT token needs some other permissions? Maybe the users has to configure some way "I want my activity to be shared with the <a given GitHub organization>" in their profiles? Another reason?

In fact, any other way of achieving the goal of detecting stale users in GitHub organizations would suffice. Any feedback on this sense is also very welcome.