Sourcetree for Mac GitHub account permissions

When adding a GitHub account to Sourcetree for Mac 3.0.1 (205), using OAuth and HTTPS, only public read permissions are requested:

Screenshot1.png

Consequently, no private repos are accessible and no write permissions are given. I found no way of elevating the requested permissions either through Sourcetree or through GitHub settings.

I found a workaround by accident: after the Sourcetree app is authorized, an entry is created in Keychain Access:

Github Credentials
Kind: application password
Where: SourceTree (OAuth) for GitHub

Deleting this entry, relaunching Sourcetree and clicking on "Remote" tab gives this info:

Screenshot2.png

After clicking on "Sign In", GitHub finally presents the additional permissions prompt:

Screenshot3.png

Shouldn't Sourcetree ask for all of these permissions when adding the account using the normal workflow?

Thank you.

7 answers

Still, even when using the workaround I proposed, I am unable to access private repos of some organizations I am a part of; rather, I need to request access individually for SourcetreeForMac from here https://github.com/settings/applications like this:

Screen Shot 2018-12-28 at 7.04.32 PM.png

Searching around, I found another workaround, which finally gave me the full access:

1) Go to https://github.com/settings/tokens
2) Click "Generate new token"
3) Input token description e.g. "Sourcetree Mac Token", select "repo" checkbox, and click "Generate token"
4) Copy the generated token
5) Add your GitHub account to Sourcetree, but now rather than using OAuth, select Basic authentication
6) Input your username
7) Paste the generated token as password

Now you should have a fully functional connection between your GitHub account and Sourcetree, including access to all private repos. If you encounter any functionality that is not working (I haven't), try regenerating the token with more permissions - I intentionally selected only "repo", as that is all I need at this moment.

Hope this is helpful, until there is a fix from Sourcetree team. As mentioned above, the issue has already been filed here https://jira.atlassian.com/browse/SRCTREE-6322

Cheers

For Windows, you need to also select the "user" checkbox while generating the token, otherwise it won't work. (for anyone that finds this from searching Google)

Thank you, your workaround fixed my issue. Still cannot believe this still persists in May 2020.

Worked for me, too. Mostly straightforward (in retrospect), only gotcha really is pasting the generated token into "Password" field. They probably should rename it to "Token" or something.

This worked like a charm, many thanks.

This should be FIXED! 

Using macOS app 4.0.1(234) still has this bug! 
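An added example, not part of the original thread or Sourcetree's code: GitHub reports the scopes a classic token holds in the `X-OAuth-Scopes` response header, so the token from the workaround above can be checked against what the client needs ("repo" on Mac, "repo" plus "user" per the Windows comment) and against anything broader than that. The header samples are constructed, and the parent/child scope map is a partial subset assumed for illustration.

```python
"""Audit the scopes GitHub reports for a classic token against what a client needs."""

# Partial map of parent scope -> child scopes it includes (subset of GitHub's
# classic scope list, assumed for this example; extend as needed).
IMPLIES = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite"},
    "user": {"read:user", "user:email", "user:follow"},
}

# Constructed sample responses (headers only), not captured from a real account.
REPO_ONLY = "HTTP/2 200\nx-oauth-scopes: repo\nx-accepted-oauth-scopes: \n"
NO_SCOPE = "HTTP/2 200\nx-oauth-scopes: \n"  # empty list: read-only public access
TOO_BROAD = "HTTP/2 200\nX-OAuth-Scopes: repo, user, delete_repo\n"


def parse_scopes(raw_headers: str) -> set[str]:
    """Return the scopes listed in the X-OAuth-Scopes response header."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-oauth-scopes":
            return {s.strip() for s in value.split(",") if s.strip()}
    raise ValueError("no X-OAuth-Scopes header in response")


def effective(scopes: set[str]) -> set[str]:
    """Expand parent scopes into the child scopes they include."""
    out = set(scopes)
    for scope in scopes:
        out |= IMPLIES.get(scope, set())
    return out


def audit(raw_headers: str, required: set[str]) -> dict:
    """Report required scopes the token lacks and granted scopes beyond the need."""
    granted = parse_scopes(raw_headers)
    return {
        "granted": sorted(granted),
        "missing": sorted(required - effective(granted)),
        "excess": sorted(granted - effective(required)),
    }


if __name__ == "__main__":
    for label, sample in [("repo-only", REPO_ONLY), ("no-scope", NO_SCOPE),
                          ("too-broad", TOO_BROAD)]:
        print(label, audit(sample, {"repo"}))
```

The header text can be obtained with `curl -sI -H "Authorization: token <TOKEN>" https://api.github.com/user`; a non-empty "excess" list is a reason to regenerate the token with fewer boxes ticked.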

0 votes
bgannin Atlassian Team Dec 14, 2018

Hi Boris,

Sourcetree's OAuth permissions for all services (not just GitHub) are intentionally narrowly scoped. We don't want authorization for actions we aren't using in the app. The request for private repos is a good one and should be filed in our public trackers (Mac and Windows). Cheers!

Brian Ganninger
Senior Mac Developer, Sourcetree

Hi Brian,

Thank you for answering. I do appreciate the privacy-conscious approach that the Source Tree team is taking. Still, the basic set of public read permissions requested does not even allow for write access to public repos, so I am unable to push any changes. It seems that someone has already filed an issue regarding this behavior:

https://jira.atlassian.com/browse/SRCTREE-6322

Hope this gets sorted out soon.

Kind regards

@bgannin  Brian, eight months later, your team still has not fixed this issue that makes SourceTree unusable on Macs.

bgannin Atlassian Team Aug 28, 2019

We are investigating currently.

That's ridiculous. I can't access my private repository because of the "actions you are not using in the app"? It seems you like to make source tree unusable.

To continue like that it's better to stop developing it. You need to decide if you want to create a useful tool or some sort of a gimmick.

Hi Boris,

First of all thanks for the workaround. I was able to access my private repositories with your approach. 

I think this problem is bigger than it seems, because if you're new to GitHub (or any other alternatives) and SourceTree, you may end up losing your access to your private repositories. The reasons why so many people are not facing this problem are either that this problem is something new (maybe related to 3.0.1) or that they have already given SourceTree permission for full access. I was revoking my OAuth App tokens, and when I reconnected my GitHub account with SourceTree, I faced this one.

Hope you guys figure this out soon.

Hi Boris,

Thank you so much for the solution. This worked for my organization's private repo. Strangely, none of my colleagues faced the issue except me. We have 2FA enabled and only for me it was causing an issue.

Just to mention, I am on Mojave while all my colleagues are still on High Sierra, but I don't think this should be an issue.

 

Thanks.

This works properly in the Windows version of SourceTree but (still, one year later) is not fixed in the Mac version as of 4.0.232.  There were a handful of other bugs in the authorization dialog too (such as, can't switch from Basic to OAuth on an existing account).  Anyone driving this bus?

The workaround at the top with deleting the keychain entry does work, so some part of the SourceTree code has the right implementation for requesting permissions.  So the response from the Atlassian Team member to the effect of "we do this on purpose" can be ignored.

Screen Shot 2020-03-08 at 12.40.10 PM.png

 

I was so disappointed because until now I can't find a solution to this. Sourcetree has no support yet for private data viewing or for accessing it from GitHub. Only Public Data is viewable. Please, any help, thanks.

Read the part about the workaround in the first post, and try that.
