Starting example results in 404, should specify JWT to make it work
grjzwaan opened this issue · comments
The simple example results in a 404 error:
api = GhApi(owner='owner', repo='repo', token='<YOUR-TOKEN>')
pulls = api.pulls.list()
but with curl it works (from GitHub docs):
curl \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer <YOUR-TOKEN>" \
https://api.github.com/repos/OWNER/REPO/pulls
The following works:
api = GhApi(owner='owner', repo='repo', jwt_token='<YOUR-TOKEN>')
pulls = api.pulls.list()
The personal access token has scopes for repo, workflow, gist and notifications.
Cause
It seems the API call to GitHub expects a different header. The example on GhApi sets Authorization: token <YOUR-TOKEN>
but the example on GitHub specifies Authorization: Bearer <YOUR-TOKEN>
. On https://docs.github.com/en/rest/overview/other-authentication-methods this is expanded upon with the note:
Note: In most cases, you can use Authorization: Bearer or Authorization: token to pass a token. However, if you are passing a JSON web token (JWT), you must use Authorization: Bearer.
Reading the docs I assume the header Authorization: token <TOKEN>
is fine, but the above experimentation indicates otherwise.
Conclusion
I have no clue why 'my' token is regarded as a JWT token here, and in the example of GhApi not. For me it works, but I couldn't find a reason. Perhaps it helps someone searching for this, but I'm also interested to known if it is a setting or ...