When adding a GitHub account to Sourcetree for Mac 3.0.1 (205), using OAuth and HTTPS, only public read permissions are requested:
Consequently, no private repos are accessible and no write permissions are given. I found no way of elevating the requested permissions either through Sourcetree or through GitHub settings.
I found a workaround by accident: after the Sourcetree app is authorized, an entry is created in Keychain Access:
Kind: application password
Where: SourceTree (OAuth) for GitHub
Deleting this entry, relaunching Sourcetree and clicking on "Remote" tab gives this info:
After clicking on "Sign In", GitHub finally presents the additional permissions prompt:
Shouldn't Sourcetree ask for all of these permissions when adding the account using the normal workflow?
Still when using the workaround I proposed, I am unable to access private repos of some organizations I am a part of, rather I need to request access individually for SourcetreeForMac from here https://github.com/settings/applications like this:
Searching around, I found another workaround, which finally gave me the full access:
1) Go to https://github.com/settings/tokens
2) Click "Generate new token"
3) Input token description e.g. "Sourcetree Mac Token", select "repo" checkbox, and click "Generate token"
4) Copy the generated token
5) Add your GitHub account to Sourcetree, but now rather than using OAuth, select Basic authentication
6) Input your username
7) Paste the generated token as password
Now you should have a fully functional connection between your GitHub account and Sourcetree, including access to all private repos. If you encounter any functionality that is not working (I haven't), try regenerating the token with more permissions - I intentionally selected only "repo", as that is all I need at this moment.
Hope this is helpful, until there is a fix from Sourcetree team. As mentioned above, the issue has already been filed here https://jira.atlassian.com/browse/SRCTREE-6322
This worked for me without hacks.
1. Choose Basic auth
2. Input github username.
3. Choose SSH protocol (should be default) and then click on "Generate key"
4. In your github. Settings > SSH and GPG keys > New SSH Key - paste generated key.
5. Then Settings > Personal access tokens > Generate new token.
6. Add your self enough rights that you feel comfortable with and set proper expiration.
7. After generating PAT paste it in SourceTree in password field.
Voila now you have access to private repo and rights that you choose under PAT.
This is still not solved right?
GitHub constantly informs me that Basic Authentication will soon no longer be available:
(Basic authentication using a password to the API is deprecated and will soon no longer work. Visit https://developer.github.com/changes/2020-02-14-deprecating-password-auth/ for more information around suggested workarounds and removal dates.)
Guess, its time to leave Sourcetree behind!
I've painfully downloaded GitHub Desktop for macOS and use it to do my pushes to origin. I guess if I were a "real dev" I'd set up the command line instead, but didn't want to mess with setting up a PAT again and GitHub Desktop, though not quite as nice as SourceTree, does wisely ask for push permissions (and stores the results) on first login.
To Sourcetree staff:
Problem still exists - I imagine getting your competitor's repos to work easily with your software seems counter-intuitive, however this problem was just about to drive me to start using the Github application instead...soo.....
Food for thought.
To the OP:
THANK YOU for this post, this solved it for me on Mac.
This works properly in the Windows version of SourceTree but (still, one year later) is not fixed in the Mac version as of 4.0.232. There were a handful of other bugs in the authorization dialog too (such as, can't switch from Basic to OAuth on an existing account). Anyone driving this bus?
The workaround at the top with deleting the keychain entry does work, so some part of the SourceTree code has the right implementation for requesting permissions. So the response from the Atlassian Team member to the effect of "we do this on purpose" can be ignored.
Thank you so much for the solution. This worked for my organizations private repo. Strangely, none of my colleagues faced the issue except me. We have 2FA enabled and only for me it was causing issue.
Just to mention, am in Mojave while all my colleagues are still in High Sierra but don't think this should be an issue.
First of all thanks for the workaround. I was able to access my private repositories with your approach.
I think this problem is bigger than it seems, because if you're new to GitHub (or any other alternatives) and SourceTree, you may end up losing your access to your private repositories. The reasons why so many people are not facing this problem are either this problem is something new (maybe related with 3.0.1) or they have already given the permission to SourceTree for full access. I was revoking my Oauth App tokens and when I re-connect my GitHub account with SourceTree, I face this one.
Hope you guys figure this out soon.
Sourcetree's OAuth permissions for all services (not just GitHub) are intentionally narrowly scoped. We don't want authorization for actions we aren't using in the app. The request for private repos is a good one and should be filed in our public trackers (Mac and Windows) Cheers!
Senior Mac Developer, Sourcetree
Thank you for answering. I do appreciate the privacy-conscious approach that the Source Tree team is taking. Still, the basic set of public read permissions requested does not even allow for write access to public repos, so I am unable to push any changes. It seems that someone has already filed an issue regarding this behavior:
Hope this gets sorted out soon.
That's ridiculous. I can't access my private repository because of the "actions you are not using in the app"? It seems you like to make source tree unusable.
To continue like that it's better to stop developing it. You need to decide if you want to create a useful tool or some sort of a gimmick.