3

Trying to access files in the private repositories of a Github organization of which I am a member, using the API. Tried a couple different ways so far:

1. If I use the username/password method -- 

curl -u "sashafklein:mypassword" https://api.github.com/repos/:org/:repo/git/trees/:file_sha

it works fine, but I'm trying to access the repos from a collaborative Rails app, so I don't want to publicize my github login credentials. I suppose creating a dummy GH account with access and using those credentials is possible, but it's definitely not ideal..

2. So I looked at the OAuth2 Secret/Key method in the API docs. But it doesn't work. If I curl the org repo url with my credentials as params in the url:

curl -i "https://api.github.com/orgs/:org/repos?private&client_id=<ID>&client_secret=<SECRET>"

Only the public repos show up. This may be a problem with how I'm passing params (passing "?private=true" should theoretically then return an empty list, but the list is identical and all public repos), but I'm following the docs.

3. So I got frustrated and took a look at these docs for getting a OAuth token, but I'm confused about how to alter it so that there's no user interface -- ie, so that my app has automatic access to the Github Orgs of which I am a member, without users of it having to do anything in particular.

Any ideas what I'm doing wrong with attempt 2, or how to get attempt 3 working automatically? I'm pretty stumped.

EDIT I think my client_id/secret are wrong, cause even when I use Octokit, it can't access the protected repos. Am I understanding this wrong? As me, I created an "Application" on Github for my Rails app, and I'm trying to use those credentials to access the org's private repos (to which I am a contributor) using the API.

Community
  • 1
  • 1
Sasha
  • 6,224
  • 10
  • 55
  • 102
  • 1
    Recommend https://github.com/octokit/octokit.rb – Jesse Wolgamott Aug 14 '13 at 21:36
  • Cool gem! But I seem to still be having problems authenticating with it. If I pass in my credentials as the new client's client_id and client_secret, I still don't get access to the org's private repos. Is this a problem with my client_id and client_secret credentials? – Sasha Aug 14 '13 at 21:56

2 Answers2

1

In case anyone runs into this problem, here's the solution I found.

Apparently the client credentials I had weren't working. I think I didn't quite understand what they're for. The easiest way I could get this to work (ie, get permission for my rails app to access a private repo of which I was a member) was to use the username:password method (1, above).

So that my personal github credentials wouldn't be available to everyone using the app, I created a new dummy github account with access that serves exclusively as an api credentializer.

Sasha
  • 6,224
  • 10
  • 55
  • 102
  • Thanks for your feedback. I'm precisely facing the same issue. I find it surprising there is no more proper way though… Even more now since there is 2-step auth D: – Adrien Mar 23 '14 at 22:33
0

I am using Octokit with C# and encountered the same issue. After some investigation I found out it was a problem with my token permissions.

Token have scopes (https://developer.github.com/v3/oauth/#scopes) so to access private repositories you need 'repo' instead of 'public_repo' which I think was default.

This can be easily changed from Settings > Personal Access tokens > edit

Alfredo MS
  • 605
  • 6
  • 8