An SSH key added for a user cannot access organizations a user belongs to #48323
-
Select Topic AreaBug BodyIt appears as though SSH keys added to a user's account via the API using an OAuth bearer token do not get access to repos that the user has been granted access to via an organization. Is this intended behavior? API SSH Key Add BehaviorWhen an SSH key is added via an OAuth client in the API the SSH key can be used to access personal repositories, but not organization level repositories.
Manual SSH Key Add BehaviorWhen an SSH key is added explicitly be a user via the UI it can be used to authenticate and perform any actions the user is authorized to do.
Additional InfoTesting access with an SSH key created via the API works:
But fetching repos that belong to an organization fails:
I can see that the key was in fact used when running |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
I suspect you may be trying to access a SAML enabled organizations which requires a user PAT or SSH key to be explicitly authorized for an Organization |
Beta Was this translation helpful? Give feedback.
-
Update: |
Beta Was this translation helpful? Give feedback.
-
Hi! I ran into the same problem and your answer cleared my way.
However, I was wondering if we really want to keep the third-party application access policy in |
Beta Was this translation helpful? Give feedback.
Update:
I found that this was because of the organization's "third-party application access policy". Removing these restrictions means the SSH key added by the application can be used. Bit of a strange restriction in my opinion considering that these SSH keys are added to act on the users behalf.