I'm trying to authenticate through a Github app to launch a repository dispatch event as per these docs. The app has the permissions metadata:read and contents:read&write as mentioned in the docs.
With the code below, authentication succeeds, but I get a 404 not found error.
const authDetails = {
appId: secrets.appId,
privateKey: privateKey,
clientId: secrets.clientId,
clientSecret: secrets.clientSecret,
}
const auth = createAppAuth(authDetails);
(async() => {
const appAuthentication = await auth({type: "app"});
const appOctokit = new Octokit(appAuthentication);
appOctokit.request('POST /repos/org_name/repo_name/dispatches', {
event_type: 'my_action'
}).then(res => {
console.log(res);
}).catch(err => {
console.log(err)
})
})()
If I authenticate using a personal access token (code below), the request succeeds, and the action my_action is fired as expected.
const patOctokit = new Octokit({ auth: `***` });
(async() => {
patOctokit.request('POST /repos/org_name/repo_name/dispatches', {
event_type: 'my_action'
}).then(res => {
console.log(res);
}).catch(err => {
console.log(err)
})
})()
Comparing the responses, I can see that the PAT method (204) includes the header 'x-oauth-scopes': 'repo' where the app method (404) does not.
The repo in question is also owned by an organisation- I'm not sure if that could alter the required permissions.