
403 Forbidden when using organizations API on GitHub

I have a problem adding a user to an organization using the GitHub API. I used a GET request to get the membership status for an organization that I'm an owner of, but I get this response:

GET http://api.github.com/orgs/romanc-org/memberships/gromanc
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 -- response --
403 Forbidden
Server:  GitHub.com
Date:  Tue, 15 Aug 2017 10:34:33 GMT
Content-Type:  application/json; charset=utf-8
Transfer-Encoding:  chunked
Status:  403 Forbidden
X-RateLimit-Limit:  5000
X-RateLimit-Remaining:  4995
X-RateLimit-Reset:  1502793489
X-OAuth-Scopes:  admin:org, repo, user
X-Accepted-OAuth-Scopes:  admin:org, read:org, repo, user, write:org
X-OAuth-Client-Id:  212a8581bdca54d1f503
X-GitHub-Media-Type:  github.v3; format=json
access-control-expose-headers:  ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin:  *
content-security-policy:  default-src 'none'
Strict-Transport-Security:  max-age=31536000; includeSubdomains; preload
X-Content-Type-Options:  nosniff
X-Frame-Options:  deny
X-XSS-Protection:  1; mode=block
X-Runtime-rack:  0.027377
Content-Encoding:  gzip
X-GitHub-Request-Id:  2F55:2B87:2E85F4A:6FC7673:5992CE39

{
  "message": "You must be a member of romanc-org to see membership information for gromanc.",
  "documentation_url": "https://developer.github.com/v3/orgs/members/#get-organization-membership"
}

I tried to fetch other users' status but failed with the same error.

I also tried to PUT a user to the organization, but I get:

PUT http://api.github.com/orgs/romanc-org/memberships/bt080527
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/json
{
  "login": "bt080527",
  "id": 30951532,
  "avatar_url": "https://avatars2.githubusercontent.com/u/30951532?v=4",
  "gravatar_id": "",
  "url": "https://api.github.com/users/bt080527",
  "html_url": "https://github.com/bt080527",
  "followers_url": "https://api.github.com/users/bt080527/followers",
  "following_url": "https://api.github.com/users/bt080527/following{/other_user}",
  "gists_url": "https://api.github.com/users/bt080527/gists{/gist_id}",
  "starred_url": "https://api.github.com/users/bt080527/starred{/owner}{/repo}",
  "subscriptions_url": "https://api.github.com/users/bt080527/subscriptions",
  "organizations_url": "https://api.github.com/users/bt080527/orgs",
  "repos_url": "https://api.github.com/users/bt080527/repos",
  "events_url": "https://api.github.com/users/bt080527/events{/privacy}",
  "received_events_url": "https://api.github.com/users/bt080527/received_events",
  "type": "User",
  "site_admin": false,
  "name": null,
  "company": null,
  "blog": "",
  "location": null,
  "email": null,
  "hireable": null,
  "bio": null,
  "public_repos": 0,
  "public_gists": 0,
  "followers": 0,
  "following": 0,
  "created_at": "2017-08-12T09:57:40Z",
  "updated_at": "2017-08-12T09:57:40Z"
}

 -- response --
403 Forbidden
Server:  GitHub.com
Date:  Tue, 15 Aug 2017 10:47:51 GMT
Content-Type:  application/json; charset=utf-8
Transfer-Encoding:  chunked
Status:  403 Forbidden
X-RateLimit-Limit:  5000
X-RateLimit-Remaining:  4997
X-RateLimit-Reset:  1502797454
X-OAuth-Scopes:  admin:org, repo, user
X-Accepted-OAuth-Scopes:  admin:org, repo
X-OAuth-Client-Id:  212a8581bdca54d1f503
X-GitHub-Media-Type:  github.v3; format=json
access-control-expose-headers:  ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
Access-Control-Allow-Origin:  *
content-security-policy:  default-src 'none'
Strict-Transport-Security:  max-age=31536000; includeSubdomains; preload
X-Content-Type-Options:  nosniff
X-Frame-Options:  deny
X-XSS-Protection:  1; mode=block
X-Runtime-rack:  0.200124
Content-Encoding:  gzip
X-GitHub-Request-Id:  2FED:2B88:139A091:2BBE319:5992D157

{
  "message": "You must be an admin to add or update an organization membership.",
  "documentation_url": "https://developer.github.com/v3/orgs/members/#add-or-update-organization-membership"
}

What am I doing wrong?

Roman C asked Jan 01 '26 17:01


1 Answer

The reason why that's happening is that you're using a token for an OAuth application to perform an action on an organization. That organization has this feature enabled:

https://help.github.com/articles/about-oauth-app-access-restrictions/

but the application in question hasn't been whitelisted. So, the feature kicks in and makes the API behave as if you are not a member of the organization.

You'll either need to whitelist the application in question for the organization, or disable that feature.

Ivan Zuzak answered Jan 03 '26 05:01
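An added example, not part of the original question or answer: a small triage of a GitHub API 403 using the response headers shown in the question. It rules out rate limiting and missing scopes before pointing at OAuth app access restrictions. The outcome labels, the partial `IMPLIED` scope map, and the treatment of `X-OAuth-Client-Id` as marking an OAuth app token are assumptions of this sketch.

```python
# Added example: triage a GitHub API 403 from its response headers.
# Sample input: an excerpt of the PUT response quoted in the question.
SAMPLE_RESPONSE = """\
403 Forbidden
X-RateLimit-Remaining:  4997
X-OAuth-Scopes:  admin:org, repo, user
X-Accepted-OAuth-Scopes:  admin:org, repo
X-OAuth-Client-Id:  212a8581bdca54d1f503
"""

# Partial map of parent scopes to the scopes they include (org scopes only).
IMPLIED = {"admin:org": {"write:org", "read:org"}, "write:org": {"read:org"}}


def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[0])
    headers = {}
    for line in lines[1:]:
        # Split on the first colon only: scope values such as admin:org contain colons.
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def scope_set(value, expand=False):
    """Split a comma-separated scope header; optionally add implied child scopes."""
    scopes = {s.strip() for s in value.split(",") if s.strip()}
    if expand:
        for scope in list(scopes):
            scopes |= IMPLIED.get(scope, set())
    return scopes


def diagnose_403(raw):
    """Classify the most likely cause of a 403 (labels are this example's own)."""
    status, h = parse_response(raw)
    if status != 403:
        return "not-a-403"
    if h.get("x-ratelimit-remaining") == "0":
        return "rate-limited"
    granted = scope_set(h.get("x-oauth-scopes", ""), expand=True)
    accepted = scope_set(h.get("x-accepted-oauth-scopes", ""))
    if accepted and not granted & accepted:
        return "missing-scope"
    # Assumption: X-OAuth-Client-Id marks a token issued to an OAuth app.
    if "x-oauth-client-id" in h:
        return "scopes-ok-check-oauth-app-access-restrictions"
    return "scopes-ok-check-org-role"
```

For the response in the question, the granted scopes already include an accepted one, so the remaining explanation is an organization-level restriction on the OAuth app rather than the token's scopes.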


