GItHub App access to repositories in organization - github3.py

I have a Github App created under an organization and is installed to a repository under same organization. I tried reading a file from the same repository after authenticating using github3 login_as_app_installation API. I get below error
File "/lib/python3.6/site-packages/github3/repos/repo.py", line 1618, in file_contents
json = self._json(self._get(url, params={"ref": ref}), 200)
File "/lib/python3.6/site-packages/github3/models.py", line 156, in _json
raise exceptions.error_for(response)
github3.exceptions.ForbiddenError: 403 Resource not accessible by integration
But I am able to add issue_comments after authenticating with the same API. Am I missing any permissions or problem is somewhere else?

There was a request to approve the Read access to code from Github for this app. It started working after explicitly approving it.

Related

Grafana Github authentication - Github returns empty team list

I'm trying to configure Grafana to authenticate using Github, but only for members of a certain team. I've configured the documentation, but Github returns an empty list when Grafana tries to fetch the users teams.
logger=oauth.github t=2022-05-22T13:23:16.6+0000 lvl=dbug msg="HTTP GET" url="https://api.github.com/user/teams?per_page=100" status="200 OK" response_body=[]
I've configured Grafana to use the user:email,read:org scopes according to the documentation.
I figured I might have to add some permissions to the GitHub app I created, but I can't find any permission that grants access to the user/teams endpoint requested by Grafana.
What am I missing?
Just figured it out...
I had created a GitHub App, not a GitHub OAuth App.
The devil is in the details

OAuth Scope required for Creating Github pull requests with Personal Access Token

I need to create documentation giving instructions to generate a Personal Access Token that will only need to create Pull Requests on Github.
I've read the documentation describing the various OAuth scopes, but it is still not clear to me which OAuth scope(s) I need to select in order to be able create a Pull Request.
What OAuth scope(s) need to be selected for users to be able to create Pull Requests?
From https://docs.github.com/en/rest/reference/pulls#create-a-pull-request:
To open or update a pull request in a public repository, you must have write access to the head or the source branch. For organization-owned repositories, you must be a member of the organization that owns the repository to open or update a pull request.
The repos scope should be needed.
And, with the GitHub CLI gh v2.22.0 (Jan. 2023), you can search from within your local cloned GitHub repository:
See gh auth status --show-token: it will display the auth token you are using.

Azure DevOps login via github fails

I get the following error
We cannot complete your request
server_error: The request could not be completed. Please try again later.
Error link:
https://login.live.com/HandleGithubResponse.srf?code=c3f48c4783f6d1d5ef1b&state=38FEE58AB9343DAB#
update
I used GitHub to log in to Azure before, and published a plugin. Now, when I want to log in to Azure using GitHub, I will be forced to log in to my MS account. My mailbox is rxliuli#gmail.com on both MS and GitHub.
At the same time, I created an organization rxliuli after logging in with an MS account, Azure did not have any errors, but when I want to log in to rxliuli (create a personal token), it will prompt ERROR Failed request: (401) What's wrong, is there any way for me to use the publisher name rxliuli after logging in with GitHub before?
update
I can't use vsce to create any new users right now. . .
update
Currently, I can use github to log in to azure, but using vsce login rxliuli still shows ERROR Failed request: (401), I am sure that the token has all permissions and has not expired
Well, actually because the token I created has no choice to allow all organizations. . .
ref: https://code.visualstudio.com/api/working-with-extensions/publishing-extension#i-get-403-forbidden-or-401-unauthorized-error-when-i-try-to-publish-my-extension

How to connect Azure Devops with GitHub without giving it access to all repositories?

When I try to authorize Azure Devops to get access to my GitHub repositories it wants full access to everything, including:
This application will be able to read and write all public and private repository data. This includes the following:
Code
Issues
Pull requests
Wikis
Settings
Webhooks and services
Deploy keys
Collaboration invites
But that is to broad access to my taste, how can I just give it access to specific repositories without giving it access to everything?
Create a specific user that has the exact permissions you would grant, create an Access Token for that user to strip some of the requested permissions, don't use the OAuth flow.

Gitlab API - Getting 401 unauthorized when trying to access api with private access token

I am trying to call Gitlab API from my AngularJS code as below
$http.get("https://git.company.com/api/v4/projects?private_token=xxx");
I generated the PAT from my organization's gitlab user settings. I tried the curl command and still getting 401. If I make the same call without the private_token then I get the public projects, so connection to the API itself is not an issue. Has anytime come across this before? What am I missing?
You need to send projectId as well in url to identify the repository in gitlab and ref as in which branch. below url has projectId as 1234 and in master branch.
https://git.company.com/api/v4/projects/1234?ref=master&private_token=xxx"