gh token scopes errors on `:Octo pr list` and opening a PR
mmirus opened this issue · comments
Issue Description
Type: bug report
Describe what happened (or what feature you want)
Upon running :Octo pr list, I now receive the below error messages.
After dismissing them, the PR list does actually load.
When I select a PR from the list and open it, I receive the same errors, and the PR details fail to load.
gh: Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Your token has not been granted the required scopes to execute this query. The 'id' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Your token has not been granted the required scopes to execute this query. The 'title' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Your token has not been granted the required scopes to execute this query. The 'name' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Your token has not been granted the required scopes to execute this query. The 'optionId' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Your token has not been granted the required scopes to execute this query. The 'name' field requires one of the following scopes: ['read:project'], but your token has only been granted the: ['gist', 'read:org', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.
Describe what you expected to happen
- The PR list opens without error
- The PR opens successfully and without error
How to reproduce it (as minimally and precisely as possible)
- Run
:Octo pr list - Error!
- Open a PR from the list
- Error!
Tell us your environment
Neovim 0.9.5
gh 2.42.0
Arch btw
Anything else we need to know?
I think this problem was introduced between b5371003f209764c9d1cc43cf20b6dc52961f0e8 and 051b633edaf7ce7bf885fe809782c433386b5e6f.
I'm assuming these errors would go away if I had the expected token scopes. But should project scopes be required for listing and viewing PRs? Also, I don't think I'm using a token with Octo/gh.
Thanks for the plugin and for taking a look at this issue!
Confirmed that reverting from 051b633edaf7ce7bf885fe809782c433386b5e6f to b5371003f209764c9d1cc43cf20b6dc52961f0e8 fixes the problem.
fwiw, if you run gh auth login --scopes read:project it will add the proper scopes. This should probably be added to the documentation if that's an acceptable workaround.
@pwntester thoughts on this?
I'm assuming these errors would go away if I had the expected token scopes. But should project scopes be required for listing and viewing PRs? Also, I don't think I'm using a token with Octo/gh.
I didn't read this far into your issue. You bring up an interesting point. Perhaps a revert might be in order and projects v2 (which is what needs that scope) could be opt in. I'm good with whatever path we want
I dont want to force everyone to add the project:read scope, especially if they are not going to use projects v2 so we either check the token scopes (maybe with a probe request) and disable projects v2 support if scope is missing, or make the v2 support opt-in and state that it requires the additional scope. I probably prefer the later. Thoughts?
(In the meantime, I will revert the PR)
I like the probe request idea. That'd probably be the most seamless
Sorry for the trouble! I can start working on a Take 2 this weekend. Hopefully it'd look very similar
Thanks, both!
For what it's worth, I think from a user standpoint, the best experience would be to wait until I attempt to use a feature that requires that scope before making any calls that require me to have it, and then inform me in a friendly way if I'm missing the required access. This could be with a notification saying something like "You must add the 'read:project' scope to use this feature. See <url>.".
This approach keeps plugin functionality discoverable for users, so they can more easily find features they may wish to use, but it provides a good experience for users who need to take an extra step to unlock that functionality.
All the PR info is retrieved from the GraphQL endpoint when opening the PR (including the project info). Thats why Octo is failing when previewing or editing a PR since the GraphQL query requires the project:read scope to get the new v2 attributes. Unfortunately, that info is required to print the PR header with info such as what project the PR is assigned to so we cannot postpone those calls for when the user invokes project related actions.
Makes sense!
Running the following command and authenticating again worked for me, thanks @milogert 👏
gh auth login --scopes read:projectI think with the revert and then take 2, we can probably close this. I now get a notification about the missing scope, and everything works correctly as far as I've seen. Thank you for the quick help!