Consuming another org's private Packages through GitHub app install #137842
Replies: 2 comments
-
Edit: more searching has led to https://github.com/orgs/community/discussions/24636 |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
I'm the author of a GitHub app that is processing an npm project owned by OrgA. The project references a private Package owned by OrgA and connected to RepoA such that it assumes the permissions of RepoA. My app install token has permission to read RepoA and access Packages for RepoA, as such in the Golang SDK:
When I provide this token to npm client libraries, I receive this 403:
with this configuration:
I am at a loss to debug this – looking for any ideas – thank you. I have verified the inherited permissions option is set correctly, that my app has access to the correct repo and using the token for clone operations is already successful.
Similar discussions talk about publishing packages with Personal Access Tokens but I am only interested in accessing them through my app credentials, which I assume is a fairly different path internally.
Beta Was this translation helpful? Give feedback.
All reactions