Graphql invite problem

Gircsi117 · 16 January 2024 10:56

Hello!

I’ve encountered a problem with the invite feature. I would like to create a stream on our site and add people to it later. I’m using graphql for this, and it creates the stream without any issues, but every time I try to add someone, I get a message that I don’t have the necessary permissions.

Could anyone help?

fabians · 17 January 2024 12:30

Hey @Gircsi117

We’ll need some more context to understand what’s going on. Are you self-hosting or running these against Speckle on the cloud? If you’re self-hosting - what speckle server version is it and have you made any modifications to it yourself? Also - can you please post the actual error response body? And how did you create SPECKLE_MAIN_KEY - is it a personal access token? What kind of scopes did you give it access to?

Judging by the screenshot I can already see a problem, however - you’re passing in your token in the Authorization header without the ‘Bearer’ prefix (I presume). The header value has to be Bearer {TOKEN} not just {TOKEN}

Regards,
Fabians

Gircsi117 · 17 January 2024 13:29

Hey @fabians

We host it on the Speckle server.

The SPECKLE_MAIN_TOKEN is an access token generated on the Speckle site that has all the necessary permissions.

.

The error message we’re getting is.

.

The header is accepted without any issues elsewhere using this method, for example, fetching data, creating and deleting streams.
In this case, for example, it works flawlessly:

fabians · 17 January 2024 13:42

@Gircsi117
streamInviteCreate requires a scope that you don’t have, so it doesn’t have all of the necessary permissions

Gircsi117 · 18 January 2024 07:16

@fabians
I don’t fully understand how I could augment my own request based on the example you provided.

fabians · 18 January 2024 08:54

@Gircsi117 My screenshot is not an example of a GQL query, but the definition of our GQL schema. It shows that you need the “users:invite” scope for your token to be able to invoke the streamInviteCreate mutation.

Judging by the screenshot you posted in your previous reply, your token does not have such a scope. After consulting with the team, I’ve come to understand that the “users:invite” scope is allowed for first party apps only to discourage people from programmatically spamming invite creation.

AG_AOSM · 6 June 2024 19:20

I’m trying to add users to a project/stream. Ideally I would be able to do this without the invite/accept workflow on my own server.

In any case, users:invite isn’t available as a scope option for tokens. Is that intentional?

dimitrie · 6 June 2024 19:33

Hi @AG_AOSM - yes, it unfortunately is as at the time we considered it good practice in order to prevent invites being a vehicle for spamming others, and basically using a speckle server as a mailing server…

If you are running your own server, this can be alleviated. Go in here:

github.com

specklesystems/speckle-server/blob/8f12e0a5a8811978be054a2bb3ceed24ae6c7915/packages/server/modules/core/scopes.js#L4


      
          'use strict'
          const { Scopes } = require('@/modules/core/helpers/mainConstants')
          
          
module.exports = [
            {
              name: Scopes.Streams.Read,
              description:
                'Read your streams, and any associated information (branches, commits, objects).',
              public: true
            },
            {
              name: Scopes.Streams.Write,
              description:
                'Create streams on your behalf, and any associated data (branches, commits, objects).',

And basically add the invite scope, and make sure public: true is set. After a restart and a refresh, it should show up!

AG_AOSM · 11 June 2024 14:49

Well, that was easy! Thank you Dimitrie