Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Please clean up documentation for /authorizations #19279

Open
1 task done
jsoref opened this issue Jul 25, 2022 · 6 comments
Open
1 task done

Please clean up documentation for /authorizations #19279

jsoref opened this issue Jul 25, 2022 · 6 comments
Labels
content rest waiting for review

Comments

@jsoref
Copy link
Contributor

jsoref commented Jul 25, 2022
edited

Code of Conduct

What article on docs.github.com is affected?

https://github.com/github/docs/blob/61b260231c18d4ad15f1663087c912025b48ac71/content/rest/overview/index.md

Basically, there should be a page that directly covers /authorizations.

It is indirectly mentioned here:
https://github.com/github/docs/blob/61b260231c18d4ad15f1663087c912025b48ac71/content/rest/overview/other-authentication-methods.md#using-the-oauth-authorizations-api-with-two-factor-authentication

And it's mentioned in the /meta docs -- https://docs.github.com/en/rest/meta#github-api-root

curl \
  -H "Accept: application/vnd.github+json" \ 
  -H "Authorization: token <TOKEN>" \
  https://api.github.com/
Response 
{
  "current_user_url": "https://api.github.com/user",
  "current_user_authorizations_html_url": "https://github.com/settings/connections/applications{/client_id}",
  "authorizations_url": "https://api.github.com/authorizations",
  "code_search_url": "https://api.github.com/search/code?q={query}{&page,per_page,sort,order}",
  "commit_search_url": "https://api.github.com/search/commits?q={query}{&page,per_page,sort,order}",
  "emails_url": "https://api.github.com/user/emails",
  "emojis_url": "https://api.github.com/emojis",
  "events_url": "https://api.github.com/events",
  "feeds_url": "https://api.github.com/feeds",
  "followers_url": "https://api.github.com/user/followers",
  "following_url": "https://api.github.com/user/following{/target}",
  "gists_url": "https://api.github.com/gists{/gist_id}",
  "hub_url": "https://api.github.com/hub",
  "issue_search_url": "https://api.github.com/search/issues?q={query}{&page,per_page,sort,order}",
  "issues_url": "https://api.github.com/issues",
  "keys_url": "https://api.github.com/user/keys",
  "label_search_url": "https://api.github.com/search/labels?q={query}&repository_id={repository_id}{&page,per_page}",
  "notifications_url": "https://api.github.com/notifications",
  "organization_url": "https://api.github.com/orgs/{org}",
  "organization_repositories_url": "https://api.github.com/orgs/{org}/repos{?type,page,per_page,sort}",
  "organization_teams_url": "https://api.github.com/orgs/{org}/teams",
  "public_gists_url": "https://api.github.com/gists/public",
  "rate_limit_url": "https://api.github.com/rate_limit",
  "repository_url": "https://api.github.com/repos/{owner}/{repo}",
  "repository_search_url": "https://api.github.com/search/repositories?q={query}{&page,per_page,sort,order}",
  "current_user_repositories_url": "https://api.github.com/user/repos{?type,page,per_page,sort}",
  "starred_url": "https://api.github.com/user/starred{/owner}{/repo}",
  "starred_gists_url": "https://api.github.com/gists/starred",
  "topic_search_url": "https://api.github.com/search/topics?q={query}{&page,per_page}",
  "user_url": "https://api.github.com/users/{user}",
  "user_organizations_url": "https://api.github.com/user/orgs",
  "user_repositories_url": "https://api.github.com/users/{user}/repos{?type,page,per_page,sort}",
  "user_search_url": "https://api.github.com/search/users?q={query}{&page,per_page,sort,order}"
}

What part(s) of the article would you like to see updated?

Either:

Additional information

Apparently, my PAT isn't valid for this endpoint. As I get a 404 from it.
@jsoref jsoref added the content label Jul 25, 2022
@github-actions github-actions bot added the triage label Jul 25, 2022
@cmwilson21
Copy link
Collaborator

cmwilson21 commented Jul 25, 2022

@jsoref Thanks so much for opening an issue and providing all this detail! I'll triage this for the team to take a look 👀

@cmwilson21 cmwilson21 added waiting for review rest and removed triage labels Jul 25, 2022
@skedwards88
Copy link
Contributor

skedwards88 commented Jul 26, 2022

@jsoref Thanks for this input! I agree that we need better authentication docs, and we are discussing ideas with the team. To make sure I understand what you are asking:

@jsoref
Copy link
Contributor Author

jsoref commented Jul 26, 2022

Does Basics of authentication cover what you are looking for?

No.

I'm really trying to figure out what permissions my GITHUB_TOKEN has. And I have no idea how to do that.

Would it be clearer to combine Other authentication methods and Basics of authentication into a single article?

I, personally, don't think having Other authentication methods as a separate article adds much value. So, I guess? (This is a really weak "yes")

The using-the-oauth-authorizations-api-with-two-factor-authentication section that you link to only applies to GHES. Many of our docs contributors are not GHES users, so I want to confirm that this was linked intentionally.

It's linked because it was the only page that mentions it other than the meta page which shows it in the response. And yes, I'm aware it's in an if. But, it was the only thing. No, I'm not a GHES user. But if I'm trying to understand how a thing works and the only thing that mentions it is a GHES doc, I'll still read and reference it. I won't expect it to be accurate to my use case, but what choice do I have?

Can you explain more about what you mean by And it's mentioned in the /meta docs?

Here's the meta docs page:
https://docs.github.com/en/rest/meta#github-api-root
image

the url is provided as a property of the response object for https://api.github.com/

{
...
  "authorizations_url": "https://api.github.com/authorizations",
...
}

To quote Google: "That’s all we know."

@skedwards88
Copy link
Contributor

skedwards88 commented Jul 26, 2022

Thanks for this additional detail.

The /authorizations endpoint is documented at https://docs.github.com/en/rest/oauth-authorizations. Note: That endpoint is deprecated for non-GHES users, and the non-GHES docs are scheduled to disappear in the very near future.

For your question about GITHUB_TOKEN, I think that https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token will help. (If you have suggestions for improvement for that article, please open a separate issue so that it doesn't get lost in this issue.) I can make a note for us to add a link from the REST authentication docs to the docs about GITHUB_TOKEN to make that more discoverable.

Does this answer your questions?

@jsoref
Copy link
Contributor Author

jsoref commented Jul 26, 2022

As you've noted that the /authorizations endpoint is gone, shouldn't the /meta endpoint on GitHub (and the docs for the same) not mention it (conditional on NOT GHES)?

Similarly, shouldn't the https://docs.github.com/en/rest/oauth-authorizations#list-your-authorizations page no longer list it, as opposed to

https://docs.github.com/en/enterprise-server@3.2/rest/oauth-authorizations#list-your-authorizations
...
https://docs.github.com/en/enterprise-server@3.6/rest/oauth-authorizations#list-your-authorizations

which can legitimately list it until they disappear...

@jsoref jsoref changed the title Please document /authorizations Please clean up documentation for /authorizations Jul 26, 2022
@jsoref
Copy link
Contributor Author

jsoref commented Jul 26, 2022

Filed #19323 for the GITHUB_TOKEN parts since apparently /authorizations is very much a ghost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
content rest waiting for review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsoref @skedwards88 @cmwilson21