Our goal is to get all sorts of private information from a GitHub authenticated login.
1. Create an AOuth app and request authorization with the correct scope
First, create an AOuth app from:
For reading private members of an organization,
read:org scoped access token needs to be requested when authorizing. For example, with Github-Flask, do:
For a detailed list of what scopes enables access to what, see here.
After a successful authentication, GitHub will callback with an access token, which then needs to be applied in the requests that you make.
$ curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/users/codertocat
For details on the whole OAuth app workflow, see:
2. For organization to grant access
When a authorizing request is sent with scope
read:org, the authentication step will include the organization access below:
We need to hit the
Request button there, and then as admin of organization, grant access to this at:
Only then, will the access token we retrieved earlier be able to retrieve the full list of members from an organization with:
$ curl -H "Authorization: token OAUTH-TOKEN" https://api.github.com/orgs/:org/members
For details on the member API, see docs here:
If the length of the member list is longer than 50, you might still not get the full list. In which case, use the