-
Notifications
You must be signed in to change notification settings - Fork 59.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GraphQL rate limits documentation mentions an unavailable authentication method #34114
Comments
@Fs00 Thank you for opening an issue! I'll get this triaged for review ✨ |
Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀 |
@Fs00 Thank you for your patience while our team reviewed! ✨ After reviewing your issue, our engineering team provided the following response -
Please let us know if you have any thoughts regarding our engineering team's response, especially regarding the statement "When you create a new organization, OAuth app access restrictions are enabled by default." Thank you! 💛 |
Hello @nguyenalex836. My question is all about the (in-)ability to authenticate to the GraphQL API via OAuth client ID + client secret without any sort of token or user authentication, as it can be done with the REST API. |
Hi @Fs00, |
Thank you for the clarification @AlenaSviridenko! |
@AlenaSviridenko Thank you for providing that clarification! 💛
I've added the |
I can see that the issue is with the syntax of the authentication method in the GraphQL rate limits documentation. Specifically, the documentation mentions an authentication method with the following syntax: Authorization: Bearer or Authorization: token However, it seems that the correct syntax for authentication is: Authorization: Bearer YOUR_GITHUB_PERSONAL_ACCESS_TOKEN or Authorization: token ghp_YOUR_GITHUB_PERSONAL_ACCESS_TOKEN The issue is that the documentation uses the syntax which is not a valid placeholder for the actual token value. Instead, it should use a placeholder that indicates the user should replace it with their actual GitHub Personal Access Token. |
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/graphql/overview/rate-limits-and-node-limits-for-the-graphql-api
What part(s) of the article would you like to see updated?
The article includes the following sentence when detailing primary rate limits for each authentication method:
However, authentication via client ID + client secret for OAuth apps appears not to be available for the GraphQL API, as a user pointed out in octokit/auth-oauth-app.js#46. I also got the same result when trying via curl.
If the quoted sentence refers to the aforementioned client ID + client secret basic authentication mechanism (which, to my knowledge, is only available for the REST API), it probably shouldn't be there.
If that's not the case, it's unclear which authentication method it refers to.
The text was updated successfully, but these errors were encountered: