From f6922eaf98bcfb380abcb68f7164b90b0744a77d Mon Sep 17 00:00:00 2001 From: Jess Hosman <1183847+jhosman@users.noreply.github.com> Date: Thu, 27 Apr 2023 10:44:39 -0700 Subject: [PATCH] GraphQL will now support fine-grained PATs (#36501) Co-authored-by: Hirsch Singhal <1666363+hpsin@users.noreply.github.com> --- .../graphql/guides/forming-calls-with-graphql.md | 13 +++++-------- content/graphql/guides/introduction-to-graphql.md | 8 ++++---- .../graphql/guides/managing-enterprise-accounts.md | 2 -- .../user-settings/graphql-classic-pat-only.md | 7 ------- data/reusables/user-settings/patv2-limitations.md | 1 - 5 files changed, 9 insertions(+), 22 deletions(-) delete mode 100644 data/reusables/user-settings/graphql-classic-pat-only.md diff --git a/content/graphql/guides/forming-calls-with-graphql.md b/content/graphql/guides/forming-calls-with-graphql.md index 43c57d4812..495aeceb12 100644 --- a/content/graphql/guides/forming-calls-with-graphql.md +++ b/content/graphql/guides/forming-calls-with-graphql.md @@ -16,18 +16,15 @@ shortTitle: Form calls with GraphQL ## Authenticating with GraphQL -{% note %} +You can authenticate to the GraphQL API using a {% data variables.product.pat_generic %}, {% data variables.product.prodname_github_app %}, or {% data variables.product.prodname_oauth_app %}. -**Note**: You need to create a {% data variables.product.pat_v1 %}, {% data variables.product.prodname_github_app %}, or {% data variables.product.prodname_oauth_app %} to authenticate to the GraphQL API. The GraphQL API does not support authentication with {% data variables.product.pat_v2 %}s. +### Authenticating with a {% data variables.product.pat_generic %} -{% endnote %} +To authenticate with a {% data variables.product.pat_generic %}, follow the steps in "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." The data that you are requesting will dictate which scopes or permissions you will need. For example, select the "issues:read" permission to read all of the issues in the repos your token has access to. +All {% data variables.product.pat_v2 %}s include read access to public repositories. To access public repositories with a {% data variables.product.pat_v1 %}, select the "public_repo" scope. -### Authenticating with a {% data variables.product.pat_v1_caps %} - -To authenticate with a {% data variables.product.pat_generic %}, follow the steps in "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)" to create a {% data variables.product.pat_v1 %}. The data that you are requesting will dictate which scopes you will need. For example, select the "read:user" scope to request data about users. Select the "public_repo" scope to request data about public repositories. - -If your token does not have the required scopes to access a resource, the API will return an error message that states what scopes your token needs. +If your token does not have the required scopes or permissions to access a resource, the API will return an error message that states the scopes or permissions your token needs. ### Authenticating with a {% data variables.product.prodname_github_app %} diff --git a/content/graphql/guides/introduction-to-graphql.md b/content/graphql/guides/introduction-to-graphql.md index 2ab4cbe27f..9cfd377a93 100644 --- a/content/graphql/guides/introduction-to-graphql.md +++ b/content/graphql/guides/introduction-to-graphql.md @@ -118,15 +118,15 @@ GraphQL is [introspective](https://graphql.github.io/learn/introspection/). This ```shell $ curl -H "Authorization: bearer TOKEN" {% data variables.product.graphql_url_pre %} ``` - + {% note %} - **Note**: If you get the response `"message": "Bad credentials"` or `401 Unauthorized`, check that you are using a valid token. The GraphQL API only supports authentication using a {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." + **Note**: If you get the response `"message": "Bad credentials"` or `401 Unauthorized`, check that you are using a valid token. If you receive a `403` error with `Resource not accessible by {% data variables.product.pat_generic %}`, ensure that your {% data variables.product.pat_v2 %} is targeted to the correct resource owner. For example, it must target the organization that owns the repository you are trying to access. {% endnote %} - + The results are in JSON, so we recommend pretty-printing them for easier reading and searching. You can use a command-line tool like [jq](https://stedolan.github.io/jq/) or pipe the results into `python -m json.tool` for this purpose. - + Alternatively, you can pass the `idl` media type to return the results in IDL format, which is a condensed version of the schema: ```shell diff --git a/content/graphql/guides/managing-enterprise-accounts.md b/content/graphql/guides/managing-enterprise-accounts.md index 705aac19bf..9d9a902af8 100644 --- a/content/graphql/guides/managing-enterprise-accounts.md +++ b/content/graphql/guides/managing-enterprise-accounts.md @@ -49,8 +49,6 @@ For some example queries, see "[An example query using the Enterprise Accounts A ### 1. Authenticate with your {% data variables.product.pat_generic %} -{% data reusables.user-settings.graphql-classic-pat-only %} - 1. To authenticate with GraphQL, you need to generate a {% data variables.product.pat_generic %} from developer settings. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." 2. Grant admin and full control permissions to your {% data variables.product.pat_generic %} for areas of your enterprise you'd like to access. For full permission to private repositories, organizations, teams, user data, and access to enterprise billing and profile data, we recommend you select these scopes for your {% data variables.product.pat_generic %}: diff --git a/data/reusables/user-settings/graphql-classic-pat-only.md b/data/reusables/user-settings/graphql-classic-pat-only.md deleted file mode 100644 index 75a9380460..0000000000 --- a/data/reusables/user-settings/graphql-classic-pat-only.md +++ /dev/null @@ -1,7 +0,0 @@ -{% ifversion pat-v2 %} -{% note %} - -The GraphQL API only supports authentication using a {% data variables.product.pat_v1 %}. For more information, see "[AUTOTITLE](/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)." - -{% endnote %} -{% endif %} diff --git a/data/reusables/user-settings/patv2-limitations.md b/data/reusables/user-settings/patv2-limitations.md index a7521a6507..94b268eb10 100644 --- a/data/reusables/user-settings/patv2-limitations.md +++ b/data/reusables/user-settings/patv2-limitations.md @@ -4,5 +4,4 @@ - Only {% data variables.product.pat_v1_plural %} automatically have write access for internal repositories that are owned by your enterprise. {% data variables.product.pat_v2_caps %}s must be granted access to internal repositories.{% endif %} - Outside collaborators can only use {% data variables.product.pat_v1_plural %} to access organization repositories that they are a collaborator on.{% ifversion ghec or ghes or ghae %} - Only {% data variables.product.pat_v1_plural %} can access enterprises. ({% data variables.product.pat_v2_caps %} can access organizations owned by enterprises.){% endif %} -- Only {% data variables.product.pat_v1_plural %} can access the GraphQL API. - Some REST API operations are not available to {% data variables.product.pat_v2 %}s. For a list of REST API operations that are supported for {% data variables.product.pat_v2 %}s, see "[AUTOTITLE](/rest/overview/endpoints-available-for-fine-grained-personal-access-tokens)".