Update forming-calls-with-graphql.md #13564
Conversation
This commit may only make sense if you take a look at the Personal Access Token page on GitHub (where you create a new one), and open that alongside this small diff. ---- I feel like I must be wrong / missing something, but I couldn't understand why "repo" was in this permissions list along with a subset of children under it. My best guess is that it was included on accident (or maybe some explanatory comment or text was lost, pointing out that it could be "repo" _or_ "public_repo,repo_deployment,repo:status" ...) I'm pretty sure it's supposed to be this way (without the coarse permission of "repo"), and I'll test that shortly.
|
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
Automatically generated comment ℹ️This comment is automatically generated and will be overwritten every time changes are committed to this branch. The table contains an overview of files in the Content directory changesYou may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.
|
|
I'm using GraphiQL with a token that has these permissions — without the coarse |
|
@hangtwenty Please convert your PR from draft to ready for review when you are done with the changes 💖 |
|
@ramyaparimi alrighty. I think it's ready. |
|
A stale label has been added to this pull request because it has been open 7 days with no activity. To keep this PR open, add a comment or push a commit within 3 days. |
github-actions
bot
added
the
stale
|
Is there anything I need to do? |
ramyaparimi
added
content
|
@hangtwenty I apologize for the delay 💛 My notifications were wonky and I somehow missed this alert. I triaged your PR for a writers review. Thanks a bunch for your patience 💖 Thanks so much for taking your time to contribute to GitHub docs 💖 |
skedwards88
left a comment
skedwards88
left a comment
There was a problem hiding this comment.
Thanks for this suggestion! We recommend these scopes to match the scopes granted to the GraphQL explorer. The explorer is not currently available for enterprise users, so for them we just display The following scopes are recommended: instead of To match the behavior of the GraphQL Explorer, request the following scopes:. I would recommend either changing the text that we display for enterprise users, or only removing the repo scope recommendation for enterprise users.
If you are new to the liquid versioning:
{% ifversion fpt or ghec %} precedes the text that only displays for free/pro/team or GHEC users. {% else %} precedes the text that displays for other users.
skedwards88
removed
the
waiting for review
|
A stale label has been added to this pull request because it has been open 7 days with no activity. To keep this PR open, add a comment or push a commit within 3 days. |
github-actions
bot
added
the
stale
Incorporated PR feedback
| ``` | ||
|
|
||
| {% endif %} | ||
|
|
There was a problem hiding this comment.
@skedwards88 said:
Thanks for this suggestion! We recommend these scopes to match the scopes granted to the GraphQL explorer. The explorer is not currently available for enterprise users, so for them we just display
The following scopes are recommended:instead ofTo match the behavior of the GraphQL Explorer, request the following scopes:. I would recommend either changing the text that we display for enterprise users, or only removing thereposcope recommendation for enterprise users.If you are new to the liquid versioning:
{% ifversion fpt or ghec %}precedes the text that only displays for free/pro/team or GHEC users.{% else %}precedes the text that displays for other users.
———
@skedwards88 thanks for the feedback and context! Is the updated diff what you had in mind?
3 participants
ℹ️ It's a
1-linesmall change (though it could have some significance).Why:
Opportunity for a small edit for the sake of keeping these API calls "Least Privilege."
I needed to create a new personal access token for another project using GitHub's (awesome) GraphQL API. I used the docs to remind me what scopes to give it and such. It occurred to me that the inclusion of
repoalongside more granular permissions, without differentiation, might confuse or dissuade some people.This commit may make more sense if you take a look at the Personal Access Token page on GitHub (where you create a new one), and open that alongside this small diff. Or you can view this screenshot for convenience —
Screenshot of Personal Access Token page
What's being changed:
Remove the
repoline from the suggested permissions on this page in the documentation. I think it is consistent with the docs' intentions ..? It feels like it might have been a proofreading/formatting confusion, but I might just be confusing myself. (Happens often enough 😆 )Check off the following: