Graphql invite problem

Hello!

I’ve encountered a problem with the invite feature. I would like to create a stream on our site and add people to it later. I’m using graphql for this, and it creates the stream without any issues, but every time I try to add someone, I get a message that I don’t have the necessary permissions.

Could anyone help?

image

Hey @Gircsi117

We’ll need some more context to understand what’s going on. Are you self-hosting or running these against Speckle on the cloud? If you’re self-hosting - what speckle server version is it and have you made any modifications to it yourself? Also - can you please post the actual error response body? And how did you create SPECKLE_MAIN_KEY - is it a personal access token? What kind of scopes did you give it access to?

Judging by the screenshot I can already see a problem, however - you’re passing in your token in the Authorization header without the ‘Bearer’ prefix (I presume). The header value has to be Bearer {TOKEN} not just {TOKEN}

Regards,
Fabians

1 Like

Hey @fabians

We host it on the Speckle server.

The SPECKLE_MAIN_TOKEN is an access token generated on the Speckle site that has all the necessary permissions.


.

The error message we’re getting is.


.

The header is accepted without any issues elsewhere using this method, for example, fetching data, creating and deleting streams.
In this case, for example, it works flawlessly:
image

1 Like

@Gircsi117
streamInviteCreate requires a scope that you don’t have, so it doesn’t have all of the necessary permissions

1 Like

@fabians
I don’t fully understand how I could augment my own request based on the example you provided.

@Gircsi117 My screenshot is not an example of a GQL query, but the definition of our GQL schema. It shows that you need the “users:invite” scope for your token to be able to invoke the streamInviteCreate mutation.

Judging by the screenshot you posted in your previous reply, your token does not have such a scope. After consulting with the team, I’ve come to understand that the “users:invite” scope is allowed for first party apps only to discourage people from programmatically spamming invite creation.

1 Like

I’m trying to add users to a project/stream. Ideally I would be able to do this without the invite/accept workflow on my own server.

In any case, users:invite isn’t available as a scope option for tokens. Is that intentional?

Hi @AG_AOSM - yes, it unfortunately is as at the time we considered it good practice in order to prevent invites being a vehicle for spamming others, and basically using a speckle server as a mailing server…

If you are running your own server, this can be alleviated. Go in here:

And basically add the invite scope, and make sure public: true is set. After a restart and a refresh, it should show up!

1 Like

Well, that was easy! Thank you Dimitrie

1 Like

@dimitrie Is there perhaps a solution to allow sending invites even when Speckle is not running on our own server?

I will DM you with a mad trick.

@dimitrie, sorry to revive an old thread, but could you also dm me the mad trick? We have a use case where we’d like to programmatically invite users and I’d like to understand if this mad trick is easier than patching the server deployment and making the option generally available.

Thanks!

Hey Mike!

For your deployment we can connect SCIM providers into workspaces and you can actually manage server and workspace access in your Active Directory. Is that something you would be interested in setting up?

Might be worth discussing on a call. That might be of interest more broadly, but I’m not sure it quite fits this particular use case.