Migrating from GitHub basic_auth to web application flow


I have a simple Ruby script that fetches data from GitHub using their API.

require 'net/http'
require 'uri'

# Search for merged pull requests against master in the repository
uri = URI.parse("https://api.github.com/search/issues?q=is:pr+is:merged+base:master+repo:organization/respository")
request = Net::HTTP::Get.new(uri)
# Password-based basic auth (the method GitHub is deprecating)
request.basic_auth('github_username', 'github_password')
request['Accept'] = 'application/json'
request['Content-Type'] = 'application/json'
req_options = {use_ssl: uri.scheme == 'https'}
response =
  Net::HTTP.start(uri.hostname, uri.port, req_options) do |http|
    http.request request
  end

# Dump the response body for debugging
raise response.body.inspect

The above request works just fine, but GitHub is deprecating password authentication (https://developer.github.com/changes/2020-02-14-deprecating-password-auth/). According to their guide, I can use the web application flow instead (https://developer.github.com/apps/building-oauth-apps/authorizing-oauth-apps/#web-application-flow).

The change that I have to make, according to their guide, is to change:

curl -u my_user:my_password https://api.github.com/user/repos

to

curl -H 'Authorization: token my-oauth-token' https://api.github.com/user/repos

In my Ruby script above, I replaced:

request.basic_auth('github_username', 'github_password')

with

request['Authorization'] = 'token my-access-token'

Instead of returning me the data, it gives me the following response:

{"message"=>"Validation Failed", "errors"=>[{"message"=>"The listed users and repositories cannot be searched either because the resources do not exist or you do not have permission to view them.", "resource"=>"Search", "field"=>"q", "code"=>"invalid"}], "documentation_url"=>"https://docs.github.com/v3/search/"}

I am getting access_token like this:

Is there anything that I might have missed? Or permission issues when using access_token instead of username and password?

My token works just fine because if I use an invalid token the response becomes:

{"message"=>"Bad credentials", "documentation_url"=>"https://docs.github.com/rest"}

It seems like there is not enough permission when using access_token vs username and password.

There are 0 answers
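
One way to check the permission question raised above, as an added example that is not part of the original post: it separates the two responses shown (401 "Bad credentials" and 422 "Validation Failed") and reads the `X-OAuth-Scopes` response header, in which GitHub lists the scopes granted to an OAuth token. It assumes the repository is private, which the post does not state; the function names and the `GITHUB_TOKEN` variable name are illustrative.

```ruby
require 'json'
require 'net/http'
require 'uri'

# Same request as in the question, authenticated with a token. The token is
# passed in (for example from ENV['GITHUB_TOKEN'], an assumed variable name)
# so that no credential is hard-coded in the script.
def build_search_request(uri, token)
  request = Net::HTTP::Get.new(uri)
  request['Authorization'] = "token #{token}"
  request['Accept'] = 'application/json'
  request
end

# X-OAuth-Scopes is a comma-separated list; an empty value means no scopes.
def granted_scopes(header_value)
  header_value.to_s.split(',').map(&:strip).reject(&:empty?)
end

# Classify a response from its status code, X-OAuth-Scopes header and body.
def diagnose(status, scopes_header, body)
  message = begin
    JSON.parse(body.to_s)['message']
  rescue StandardError
    nil # body was not a JSON object
  end
  scopes = granted_scopes(scopes_header)
  verdict =
    case status.to_i
    when 200 then :ok
    when 401 then :bad_credentials # token rejected outright
    when 422
      # Token accepted, but the search cannot see the repository. Without the
      # `repo` scope an OAuth token cannot see private repositories at all.
      scopes.include?('repo') ? :repo_not_visible_to_user : :no_repo_scope
    else :unexpected
    end
  { verdict: verdict, scopes: scopes, message: message }
end

# Send the request and diagnose the live response (not called on load).
def check_token(uri, token)
  response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) do |http|
    http.request(build_search_request(uri, token))
  end
  diagnose(response.code, response['X-OAuth-Scopes'], response.body)
end
```

A `:no_repo_scope` verdict means the token should be reissued with the `repo` scope requested during authorization; `:repo_not_visible_to_user` points at the account's or organization's access to the repository, or at the repository name, rather than at the token's scopes.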