无法在使用Github API(Github应用集成)时为github仓库加星或取消星标。

huangapple go评论70阅读模式
英文:

Unable to star/unstar a github repo when using the Github API (Github App integration)

问题

我尝试使用GitHub用户API的Github Star仓库通过Github App为当前用户(我自己)标记一个仓库。为了简化调试,我在Postman中进行调试。我通过我的应用程序“使用GitHub登录”获取了用户AccessToken,它有效,然后使用它发出标记仓库的请求,但是收到以下错误消息:

{
    "message": "Resource not accessible by integration",
    "documentation_url": "https://docs.github.com/rest/reference/activity#star-a-repository-for-the-authenticated-user"
}

这个错误表明Github App没有足够的权限,但我已经授予它标记仓库的权限,如下所示:

无法在使用Github API(Github应用集成)时为github仓库加星或取消星标。

并且这是我在目标仓库上安装它的地方。请注意,它是灰色的,并带有令人担忧的工具提示:

无法在使用Github API(Github应用集成)时为github仓库加星或取消星标。

注意事项:

  • 我知道令牌是有效的,因为检查用户是否已经标记了仓库可以正常工作,并且通过GET https://api.github.com/user/starred可以列出他们标记的仓库也可以正常工作。
  • 这是一个Github App,而不是OAuth App。
  • 安装的Github应用程序上的工具提示是一个红旗,但我不确定如何修复它。
  • 我已经尝试卸载/重新安装Github应用程序。
  • 我已经尝试重新触发Github应用程序的身份验证过程以获取新的令牌。

目标是确保成功标记仓库,具体来说,我是代表用户标记GitHub上的一个随机仓库,而不是用户拥有的仓库。

英文:

Im trying to use the Github Star repo for user API via a Github App to star a Repo for the current user (myself). im debugging in postman for simplicity. I get a user AccessToken via my app "login with github", which works, then with it make the request to star a repo but get back

{
    "message": "Resource not accessible by integration",
    "documentation_url": "https://docs.github.com/rest/reference/activity#star-a-repository-for-the-authenticated-user"
}

This error suggests that the Github App does not have sufficient permissions but I've granted it the ability to star repos seen here.

无法在使用Github API(Github应用集成)时为github仓库加星或取消星标。

and here's where I installed it on the target repo. Note it's greyed out and tooltip, which is concerning

无法在使用Github API(Github应用集成)时为github仓库加星或取消星标。

noteables:

  • I know the token is valid because checking if the user has already starred the repo works, and listing their starred repositories works via GET https://api.github.com/user/starred
  • this is a GithubApp not an OAuth App
  • the tooltip on the installed Github apps is a red flag, but im not sure how to fix it
  • I've tried uninstalling/reinstalling the GithubApp
  • I've tried retriggering the GithubApp Auth process to get a fresh token

The goal here is to have that star repo succeed is all, to be specific I'm starring a random repo on Github on behalf of the user not one owned by the user.

答案1

得分: 2

以下是您要翻译的内容:

"The "Choosing permissions for a GitHub App" includes:

The success of an API request with a user access token depends on the user's permissions as well as the app's permissions.

For example, if the app was granted permission to write the contents of a repository, but the user can only read the contents, then the user access token can only read the contents.

The success of an API request with an installation access token only depends on the app's permissions.

In your case, you have a User Access Token, so you need to check the "Permission levels for a personal account repository".

The OP reports, however, that it does work with an Oauth App.

The OAuth App is an application registered on GitHub that can be authorized by GitHub users to act on their behalf. The OAuth App uses OAuth tokens to interact with the GitHub API.
It is ideal for web applications or services where multiple users need to grant permissions to the application to perform actions on their behalf. The OAuth tokens issued to an OAuth App can have varying scopes based on what the user authorizes during the OAuth flow. These scopes can be requested dynamically.
The OAuth 2.0 authorization flow is used, which involves redirecting users to GitHub to authorize the app, after which they are redirected back to the application with an authorization code that can be exchanged for an access token. It represents an application or service and can act on behalf of many users.

In the context of starring a repository on behalf of a user, an OAuth App is more suitable because it allows users to authorize the application to perform user-level actions such as starring repositories.
As opposed to a User Access Token, which is more of a static token that is better suited for personal scripts or tools and lacks the dynamic authorization flow of an OAuth App.

I suspect the OAuth App works because of:

  • Its user impersonation, combined with:
  • Dynamic scopes
  • Trust through user consent
  • Flexibility (it can be used by multiple users. Each user who authorizes the app can grant it permissions to act on their behalf.)

It is designed for scenarios where an application needs to interact with GitHub on behalf of users, with permissions granted by the users.
Starring a repository is one of those actions that inherently belongs to a user's activity, and OAuth is well-suited for handling such cases.

For the OP, in the comments:

The reason it works now (I think) is because: GitHub Apps perform a user action that is done BY THE APP, NOT the user.
OAuth apps, when a user action is performed, is BY THE USER.

Hopefully that makes sense. I don't believe GitHub apps are designed to handle starring public repos, so I think the case was an example of using the wrong tool for the job."

英文:

The "Choosing permissions for a GitHub App" includes:

> The success of an API request with a user access token depends on the user's permissions as well as the app's permissions.
>
> For example, if the app was granted permission to write the contents of a repository, but the user can only read the contents, then the user access token can only read the contents.
>
> The success of an API request with an installation access token only depends on the app's permissions.

In your case, you have a User Access Token, so you need to check the "Permission levels for a personal account repository".

The OP reports however that it does work with an Oauth App.

The OAuth App is an application registered on GitHub that can be authorized by GitHub users to act on their behalf. The OAuth App uses OAuth tokens to interact with the GitHub API.
It is ideal for web applications or services where multiple users need to grant permissions to the application to perform actions on their behalf.
The OAuth tokens issued to an OAuth App can have varying scopes based on what the user authorizes during the OAuth flow. These scopes can be requested dynamically.
The OAuth 2.0 authorization flow is used, which involves redirecting users to GitHub to authorize the app, after which they are redirected back to the application with an authorization code that can be exchanged for an access token.
It represents an application or service, and can act on behalf of many users.

In the context of starring a repository on behalf of a user, an OAuth App is more suitable because it allows users to authorize the application to perform user-level actions such as starring repositories.

As opposed to a User Access Token, which is more of a static token that is better suited for personal scripts or tools, and lacks the dynamic authorization flow of an OAuth App.

I suspect the OAuth App works because of:

  • Its user impersonation, combined with:
  • Dynamic scopes
  • Trust through user consent
  • Flexibility (it can be used by multiple users. Each user who authorizes the app can grant it permissions to act on their behalf.)

It is designed for scenarios where an application needs to interact with GitHub on behalf of users, with permissions granted by the users.
Starring a repository is one of those actions that inherently belongs to a user’s activity, and OAuth is well-suited for handling such cases.

For the OP, in the comments:

> The reason it works now (I think) is because: GitHub Apps performs a user action its done BY THE APP, NOT the user.
Oauth apps when a user action is performed is BY THE USER.
>
> Hopefully that makes sense, I don't believe Github apps are designed to handle starring public repos, so I think the case was an example of using the wrong tool for the job.

huangapple
  • 本文由 发表于 2023年6月26日 21:59:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76557387.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定