Github GraphQL API V4: INSUFFICIENT_SCOPES - api

When I query GitHub's GraphQL API with the following:
query RetrievePackagesAssociatedWithRepo($repo: String!, $owner: String!) {
repository(name: $repo, owner: $owner) {
packages(packageType: NPM, first: 10) {
edges {
node {
id
name
packageType
}
}
}
}
}
I received an error stating:
{
"errors": [
{
"type": "INSUFFICIENT_SCOPES",
"locations": [
{
"line": 6,
"column": 11
}
],
"message": "Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:packages'], but your token has only been granted the: ['read:gpg_key', 'read:org', 'read:public_key', 'read:repo_hook', 'repo', 'user'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens."
},
I followed the link https://github.com/settings/tokens and added the necessary permissions.
I tried to Authorizing a personal access token for use with SAML single sign-on but, the SSO button to enable is not present.
development settings token
Documentations I Followed: Creating Personal Token! | Authorizing Personal Token!
After trying out theses methods, the same error message persists "Your token has not been granted the required scopes".
My goal, through Github's API, is to retrieve packages associated with its repository.
Is there something I'm missing.

Related

Attempting to subscribe to a Shopify Webhook w/AWS EventBridge produces error: "Address is an AWS ARN and includes api_client_id 'x' instead of 'y'"

I'm running this request through Postman. Some posts to the Shopify developer forum (e.g., this one) express without clear explanation that the request should be made within the Shopify app that would be subscribing to the Webhooks, but Postman seems to work, too.
In Postman . . .
Here's the endpoint:
https://{{shopifyDevelopmentStoreName}}.myshopify.com/admin/api/2022-07/graphql.json
Here's the GraphQL body:
mutation createWebhookSubscription($topic: WebhookSubscriptionTopic!, $webhookSubscription: EventBridgeWebhookSubscriptionInput!) {
eventBridgeWebhookSubscriptionCreate(
topic: $topic,
webhookSubscription: $webhookSubscription
) {
webhookSubscription {
id
}
userErrors {
message
}
}
}
Here's the payload being sent (notice the "client_id_x" value within the arn property):
{
"topic": "PRODUCTS_CREATE",
"webhookSubscription": {
"arn": "arn:aws:events:us-east-1::event-source/aws.partner/shopify.com/client_id_x/LovecraftEventBridgeSource",
"format": "JSON",
"includeFields": "id"
}
}
Here's the response I receive:
{
"data": {
"eventBridgeWebhookSubscriptionCreate": {
"webhookSubscription": null,
"userErrors": [
{
"message": "Address is invalid"
},
{
"message": "Address is an AWS ARN and includes api_client_id 'client_id_x' instead of 'client_id_y'"
}
]
}
},
"extensions": {
"cost": {
"requestedQueryCost": 10,
"actualQueryCost": 10,
"throttleStatus": {
"maximumAvailable": 1000.0,
"currentlyAvailable": 990,
"restoreRate": 50.0
}
}
}
}
What's entirely unclear is why Shopify is insisting upon validity of "client_id_y" when, in AWS, the value being displayed is undeniably 'client_id_x'. Extremely confusing. I don't even see what difference using the Shopify app would make except that it produces a client_id value that works counter to one's expectations and intuitions.
Does anyone know why the heck Shopify isn't just using the client_id value of the event bus created earlier in Amazon EventBridge?
Same happend to me and I was lucky to find a solution.
The error message is just missleading.
I replaced the API Access Token for the Shopify Rest API Request (X-Shopify-Access-Token)
with the one from the Shopify App holding the aws credentials.
admin/settings/apps/development -> app -> API credentials -> Admin API access token. (can only be seen after creation)
Then I could subscribe webhooks to the app via the Rest Interface.

Office 365 Oauth with Nodemailer Can't create new access token

I am trying to use Nodemailer in express server with Oauth from Office 365 but I am getting Can't create new access token for user and {"code": "EAUTH", "command": "AUTH XOAUTH2" error. It seems like nodemailer is unable to obtain either the access token and refresh token and the user is not being authenticated to send mails.
const transporter = nodemailer.createTransport({
host: "smtp.office365.com",
port: 587,
secure: false,
tls: {
ciphers: "SSLv3"
},
requireTLS: true,
auth: {
type: "OAuth2",
user: process.env.SENDER_EMAIL,
clientId: "CLIENT_ID",
clientSecret: "CLEINT_SECRET",
accessUrl: "https://login.microsoftonline.com/SOMETHING_SECRET_HERE/oauth2/v2.0/authorize"
// pass: process.env.SENDER_PASSWORD
}
});
I am not familiar with OAuth 2.0 with Office 365 to begin with so there could be some configurations error etc. The nodemailer works fine if I use my account credentials though. Can someone please suggest me something to try out or let me know if my config is wrong.
Please note that, accessUrl is an endpoint for requesting new access token.
As you have passed Authorization endpoint, please try changing it to OAuth 2.0 token endpoint (v2).
You can find this endpoint value in the Portal like below:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App
Alternatively, you can make use of Microsoft Graph API to send the mails like below:
Make sure to have Mail.Send permission consented before using the below query:
POST https://graph.microsoft.com/v1.0/me/sendMail
{
"message": {
"subject": "Regarding leave approval",
"body": {
"contentType": "Text",
"content": "Please approve my leave request."
},
"toRecipients": [
{
"emailAddress": {
"address": "XXXXX"
}
}
],
"ccRecipients": [
{
"emailAddress": {
"address": "XXXXX"
}
}
]
},
"saveToSentItems": "false"
}
Response:
The mail was successfully triggered like below:
For more in detail, please refer the below links:
Send mail - Microsoft Graph v1.0 | Microsoft Docs
Modern Oauth2 authentication for sending mails using Nodemailer nodejs by Sivaprakash-MSFT

How to add mock data containing authorized owner to Amplify (either through GraphiQL or directly to AppSync)?

I'm working on a React app and testing some CRUD functionality by mocking the backend, creating some data through GraphiQL, and running the app (amplify mock, then yarn start).
I want to be able to create mock data tied to my user as the owner because most types in the schema are set up with owner authorization:
type XYZ
#auth(rules: [{ allow: owner, operations: [update, delete, create] }]) {
id: ID!
...more types...etc
}
Right now, I
run amplify mock
Go to GraphiQL local endpoint (192.etc....)
Run some createXYZ mutations to create data
Run my app w yarn start
login with testUser & password
Test the deleteXYZ button which should ideally remove a particular XYZ from the mocked data this is what doesn't work
I suspect what's happening is that I didn't run the createXYZ mutation as testUser, just as a generic GraphiQL user, so the owner property isn't tied to "myUserId". Is that the problem here?
How would I specify owner on my create mutations in GraphiQL?
This is the error I'm getting, pretty sure it means the XYZ object's owner is different than my testUser submitting the deleteXYZ request:
Error while executing Local DynamoDB
{
"version": "2018-05-29",
"operation": "DeleteItem",
"key": {
"id": {
"S": "18b152a6-c98d-4336-be74-1e122191"
}
},
"condition": {
"expression": "( #owner0 = :identity0) AND attribute_exists(#id)",
"expressionNames": {
"#owner0": "owner",
"#id": "id"
},
"expressionValues": {
":identity0": {
"S": "fd2a7758-f7ba-4d57-bdb0-e5346492"
}
}
}
}
Could I have to add the owner id in Amplify's GraphiQL Auth options popup?
I just ran into this issue. I was able to work around it by putting my Cognito User Sub in the username field.

Getting Forbidden 403 error while creating OnlineMeeting using Microsoft Graph api

I am trying to create online meeting through https://graph.microsoft.com/beta/communications/onlineMeetings .
initially i got the 403 Forbidden error. then i give the Delegated and Application permissions(OnlineMeetings.ReadWrite,OnlineMeetings.ReadWrite.All) on my registered app on azure.then 403 error is gone and i got new error 400 bad request(Organizer.Identity.User.Id missing).
then i supply Online meeting post request as follows-:
{
"startDateTime":"2020-04-20T14:33:30.8546353-07:00",
"endDateTime":"2020-04-20T15:03:30.8566356-07:00",
"subject":"Application Token Meeting",
"participants": {
"organizer": {
"identity": {
"user": {
"id": "cb6d6636-1c9e-457c-b904-5da8265a8927"
}
}
}
}
}
again i got 403 Forbidden error.
i created user with the help of https://graph.microsoft.com/v1.0/users and https://graph.microsoft.com/beta/invitations.
user is created in my app on azure and i give the permission (User.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All,User.ReadWrite.All, Directory.ReadWrite.All)
but error(403) did not change.
My question is that how to give user authorization in microsoft graph API.
The required permission is Delegated Permission: OnlineMeetings.ReadWrite. See reference here.
403 error means your access token doesn't include the required permission. You can add it like this:
Don't forget to click on "Grant admin consent for {your tenant}".
You should implement Get access on behalf of a user and get an access token to call /communications/onlineMeetings endpoint.
The http sample for your reference:
POST https://graph.microsoft.com/beta/communications/onlineMeetings
Content-Type: application/json
Authorization: Bearer {access token}
{
"startDateTime":"2019-09-09T14:33:30.8546353-07:00",
"endDateTime":"2019-09-09T15:03:30.8566356-07:00",
"subject":"Application Token Meeting",
"participants": {
"organizer": {
"identity": {
"user": {
"id": "550fae72-d251-43ec-868c-373732c2704f"
}
}
}
}
}
You can learn more details about Use the access token to call Microsoft Graph. Don't forget to put Authorization: Bearer {access token} in the request headers.

RingCentral Forwarding Number API `ReadUserForwardingFlipNumbers` permission

When I try the RingCentral Get Forwarding Number API:
GET /restapi/v1.0/account/{accountId}/extension/{extensionId}/forwarding-number
I get this error:
{
"errorCode" : "CMN-408",
"message" : "In order to call this API endpoint, user needs to have [ReadUserForwardingFlipNumbers] permission for requested resource.",
"errors" : [ {
"errorCode" : "CMN-408",
"message" : "In order to call this API endpoint, user needs to have [ReadUserForwardingFlipNumbers] permission for requested resource.",
"permissionName" : "ReadUserForwardingFlipNumbers"
} ],
"permissionName" : "ReadUserForwardingFlipNumbers"
}
I don't see this permission in the Online Account Portal (https://service.ringcentral.com), even under the Super Admin role. How can I resolve this and access this API?
ReadUserForwardingFlipNumbers is a user permission that is configured in the Online Account Portal. The user's assigned role needs to have the following corresponding permission in the Online Account Portal:
User Settings > Messages & Notifications
You can see this in the Online Account Portal under:
Users > Roles > {Role Name}
For example:
You can verify if your user has this permission by calling the following endpoint:
GET /restapi/v1.0/account/{accountId}/extension/{extensionId}/authz-profile
This will return a JSON object with a permissions property with an array of permissions. This permission looks like the following:
{
"permission": {
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/permission/ReadUserForwardingFlipNumbers",
"id": "ReadUserForwardingFlipNumbers",
"assignable": false,
"readOnly": false,
"siteCompatible": "Independent"
},
"effectiveRole": {
"uri": "https://platform.devtest.ringcentral.com/restapi/v1.0/dictionary/user-role/3",
"id": "3"
},
"scopes": [
"Self"
]
},