smilers
diff --git a/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png‎
174 KB b/‎assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png‎
174 KB
diff --git a/‎content/developers/apps/scopes-for-oauth-apps.md‎
Lines changed: 11 additions & 11 deletions b/‎content/developers/apps/scopes-for-oauth-apps.md‎
Lines changed: 11 additions & 11 deletions
diff --git a/‎content/github/authenticating-to-github/connecting-with-third-party-applications.md‎
Lines changed: 3 additions & 3 deletions b/‎content/github/authenticating-to-github/connecting-with-third-party-applications.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎content/github/authenticating-to-github/creating-a-personal-access-token.md‎
Lines changed: 4 additions & 0 deletions b/‎content/github/authenticating-to-github/creating-a-personal-access-token.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎content/graphql/guides/forming-calls-with-graphql.md‎
Lines changed: 4 additions & 3 deletions b/‎content/graphql/guides/forming-calls-with-graphql.md‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎content/graphql/guides/managing-enterprise-accounts.md‎
Lines changed: 88 additions & 5 deletions b/‎content/graphql/guides/managing-enterprise-accounts.md‎
Lines changed: 88 additions & 5 deletions
diff --git a/‎content/rest/guides/discovering-resources-for-a-user.md‎
Lines changed: 3 additions & 3 deletions b/‎content/rest/guides/discovering-resources-for-a-user.md‎
Lines changed: 3 additions & 3 deletions
@@ -38,19 +38,19 @@ X-Accepted-OAuth-Scopes: user
 ### Available scopes
 
 Name | Description
------|-----------|
-**`(no scope)`** | Grants read-only access to public information (includes public user profile info, public repository info, and gists){% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
+-----|-----------|{% if currentVersion != "github-ae@latest" %}
+**`(no scope)`** | Grants read-only access to public information (including user profile info, repository info, and gists){% endif %}{% if enterpriseServerVersions contains currentVersion or currentVersion == "github-ae@latest" %}
 **`site_admin`** | Grants site administrators access to [{% data variables.product.prodname_ghe_server %} Administration API endpoints](/rest/reference/enterprise-admin).{% endif %}
-**`repo`** | Grants full access to private and public repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for public and private repositories and organizations. Also grants ability to manage user projects.
-&emsp;`repo:status`| Grants read/write access to public and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
-&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for public and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.
-&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.
+**`repo`** | Grants full access to repositories, including private repositories. That includes read/write access to code, commit statuses, repository and organization projects, invitations, collaborators, adding team memberships, deployment statuses, and repository webhooks for repositories and organizations. Also grants ability to manage user projects.
+&emsp;`repo:status`| Grants read/write access to {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repository commit statuses. This scope is only necessary to grant other users or services access to private repository commit statuses *without* granting access to the code.
+&emsp;`repo_deployment`| Grants access to [deployment statuses](/rest/reference/repos#deployments) for {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. This scope is only necessary to grant other users or services access to deployment statuses, *without* granting access to the code.{% if currentVersion != "github-ae@latest" %}
+&emsp;`public_repo`| Limits access to public repositories. That includes read/write access to code, commit statuses, repository projects, collaborators, and deployment statuses for public repositories and organizations. Also required for starring public repositories.{% endif %}
 &emsp;`repo:invite` | Grants accept/decline abilities for invitations to collaborate on a repository. This scope is only necessary to grant other users or services access to invites *without* granting access to the code.{% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "[email protected]" %}
 &emsp;`security_events` | Grants: <br/> read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning) <br/> read and write access to security events in the [{% data variables.product.prodname_secret_scanning %} API](/rest/reference/secret-scanning) <br/> This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}{% if currentVersion ver_gt "[email protected]" and currentVersion ver_lt "[email protected]" %}
 &emsp;`security_events` | Grants read and write access to security events in the [{% data variables.product.prodname_code_scanning %} API](/rest/reference/code-scanning). This scope is only necessary to grant other users or services access to security events *without* granting access to the code.{% endif %}
-**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in public and private repositories. The `repo` and `public_repo` scopes grants full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
-&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in public or private repositories.
-&emsp;`read:repo_hook`| Grants read and ping access to hooks in public or private repositories.
+**`admin:repo_hook`** | Grants read, write, ping, and delete access to repository hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} and private repositories. The `repo` {% if currentVersion != "github-ae@latest" %}and `public_repo` scopes grant{% else %}scope grants{% endif %} full access to repositories, including repository hooks. Use the `admin:repo_hook` scope to limit access to only repository hooks.
+&emsp;`write:repo_hook` | Grants read, write, and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
+&emsp;`read:repo_hook`| Grants read and ping access to hooks in {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories.
 **`admin:org`** | Fully manage the organization and its teams, projects, and memberships.
 &emsp;`write:org`| Read and write access to organization membership, organization projects, and team membership.
 &emsp;`read:org`| Read-only access to organization membership, organization projects, and team membership.
@@ -78,11 +78,11 @@ Name | Description
 {% note %}
 
 **Note:** Your OAuth App can request the scopes in the initial redirection. You
-can specify multiple scopes by separating them with a space:
+can specify multiple scopes by separating them with a space using `%20`:
 
     https://github.com/login/oauth/authorize?
       client_id=...&
-      scope=user%20public_repo
+      scope=user%20repo_deployment
 
 {% endnote %}
 
 
@@ -55,13 +55,13 @@ There are several types of data that applications can request.
 | Type of data | Description |
 | --- | --- |
 | Commit status | You can grant access for a third-party application to report your commit status. Commit status access allows applications to determine if a build is a successful against a specific commit. Applications won't have access to your code, but they <em>can</em> read and write status information against a specific commit. |
-| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for public and private repositories. Applications won't have access to your code. |
-| Gists | [Gist](https://gist.github.com) access allows applications to read or write to both your public and secret Gists. |
+| Deployments | Deployment status access allows applications to determine if a deployment is successful against a specific commit for a repository. Applications won't have access to your code. |
+| Gists | [Gist](https://gist.github.com) access allows applications to read or write to {% if currentVersion != "github-ae@latest" %}both your public and{% else %}both your internal and{% endif %} secret Gists. |
 | Hooks | [Webhooks](/webhooks) access allows applications to read or write hook configurations on repositories you manage. |
 | Notifications | Notification access allows applications to read your {% data variables.product.product_name %} notifications, such as comments on issues and pull requests. However, applications remain unable to access anything in your repositories. |
 | Organizations and teams | Organization and teams access allows apps to access and manage organization and team membership. |
 | Personal user data | User data includes information found in your user profile, like your name, e-mail address, and location. |
-| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either public or private repositories on a user-wide level. |
+| Repositories | Repository information includes the names of contributors, the branches you've created, and the actual files within your repository. Applications can request access for either {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} or private repositories on a user-wide level. |
 | Repository delete | Applications can request to delete repositories that you administer, but they won't have access to your code. |
 
 ### Requesting updated permissions
 
@@ -29,7 +29,11 @@ Personal access tokens (PATs) are an alternative to using passwords for authenti
 5. Give your token a descriptive name.
    ![Token description field](/assets/images/help/settings/token_description.png)
 6. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select **repo**.
+   {% if currentVersion == "free-pro-team@latest" or enterpriseServerVersions contains currentVersion %}
    ![Selecting token scopes](/assets/images/help/settings/token_scopes.gif)
+   {% elsif currentVersion == "github-ae@latest" %}
+   ![Selecting token scopes](/assets/images/enterprise/github-ae/settings/access-token-scopes-for-ghae.png)
+   {% endif %}
 7. Click **Generate token**.
    ![Generate token button](/assets/images/help/settings/generate_token.png)
 8. Click {% octicon "clippy" aria-label="The copy to clipboard icon" %} to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.{% if currentVersion == "free-pro-team@latest" %}
 
@@ -26,9 +26,10 @@ The following scopes are recommended:
 
 {% endif %}
 
+
 ```
-user
-public_repo
+user{% if currentVersion != "github-ae@latest" %}
+public_repo{% endif %}
 repo
 repo_deployment
 repo:status
@@ -246,7 +247,7 @@ Looking at the composition line by line:
 
   The `labels` field has the type [`LabelConnection`](/graphql/reference/objects#labelconnection). As with the `issues` object, because `labels` is a connection, we must travel its edges to a connected node: the `label` object. At the node, we can specify the `label` object fields we want to return, in this case, `name`.
 
-You may notice that running this query on the Octocat's public `Hello-World` repository won't return many labels. Try running it on one of your own repositories that does use labels, and you'll likely see a difference.
+You may notice that running this query on the Octocat's {% if currentVersion != "github-ae@latest" %}public{% endif %} `Hello-World` repository won't return many labels. Try running it on one of your own repositories that does use labels, and you'll likely see a difference.
 
 ### Example mutation
 
 
@@ -58,9 +58,7 @@ For some example queries, see "[An example query using the Enterprise Accounts A
     - `admin:enterprise`: Gives full control of enterprises (includes `manage_billing:enterprise` and `read:enterprise`)
     - `manage_billing:enterprise`: Read and write enterprise billing data.
     - `read:enterprise`: Read enterprise profile data.
-
-  ![Permissions options for personal access token](/assets/images/developer/graphql/permissions-for-access-token.png)
-
+    
 4. Copy your personal access token and keep it in a secure place until you add it to your GraphQL client.
 
 #### 2. Choose a GraphQL client
@@ -95,7 +93,9 @@ Now you are ready to start making queries.
 
 ### An example query using the Enterprise Accounts API
 
-This GraphQL query requests the total number of `public` repositories in each of your appliance's organizations using the Enterprise Accounts API. To customize this query, replace `<enterprise-account-name>` with the slug of your Enterprise's instance slug.
+This GraphQL query requests the total number of {% if currentVersion != "github-ae@latest" %}`public`{% else %}`private`{% endif %} repositories in each of your appliance's organizations using the Enterprise Accounts API. To customize this query, replace `<enterprise-account-name>` with the slug of your Enterprise's instance slug.
+
+{% if currentVersion != "github-ae@latest" %}
 
 ```graphql
 query publicRepositoriesByOrganization($slug: String!) {
@@ -127,8 +127,42 @@ variables {
 }
 ```
 
-The next GraphQL query example shows how challenging it is to retrieve the number of `public` repositories in each organization without using the Enterprise Account API.  Notice that the GraphQL Enterprise Accounts API has made this task simpler for enterprises since you only need to customize a single variable. To customize this query, replace `<name-of-organization-one>` and `<name-of-organization-one>`, etc. with the organization names on your instance.
+{% else %}
+
+```graphql
+query privateRepositoriesByOrganization($slug: String!) {
+  enterprise(slug: $slug) {
+    ...enterpriseFragment
+  }
+}
+
+fragment enterpriseFragment on Enterprise {
+  ... on Enterprise{
+    name
+    organizations(first: 100){
+      nodes{
+        name
+        ... on Organization{
+          name
+          repositories(privacy: PRIVATE){
+            totalCount
+          }
+        }
+      }
+    }
+  }
+}
+
+# Passing our Enterprise Account as a variable
+variables {
+  "slug": "<enterprise-account-name>"
+}
+```
+{% endif %}
+
+The next GraphQL query example shows how challenging it is to retrieve the number of {% if currentVersion != "github-ae@latest" %}`public`{% else %}`private`{% endif %} repositories in each organization without using the Enterprise Account API.  Notice that the GraphQL Enterprise Accounts API has made this task simpler for enterprises since you only need to customize a single variable. To customize this query, replace `<name-of-organization-one>` and `<name-of-organization-two>`, etc. with the organization names on your instance.
 
+{% if currentVersion != "github-ae@latest" %}
 ```graphql
 # Each organization is queried separately
 {
@@ -150,9 +184,34 @@ fragment repositories on Organization {
   }
 }
 ```
+{% else %}
+```graphql
+# Each organization is queried separately
+{
+  organizationOneAlias: organization(login: "name-of-organization-one") {
+    # How to use a fragment
+    ...repositories
+  }
+  organizationTwoAlias: organization(login: "name-of-organization-two") {
+    ...repositories
+  }
+  # organizationThreeAlias ... and so on up-to lets say 100
+}
+
+## How to define a fragment
+fragment repositories on Organization {
+  name
+  repositories(privacy: PRIVATE){
+    totalCount
+  }
+}
+```
+{% endif %}
 
 ### Query each organization separately
 
+{% if currentVersion != "github-ae@latest" %}
+
 ```graphql
 query publicRepositoriesByOrganization {
   organizationOneAlias: organization(login: "<name-of-organization-one>") {
@@ -173,6 +232,30 @@ fragment repositories on Organization {
 }
 ```
 
+{% else %}
+
+```graphql
+query privateRepositoriesByOrganization {
+  organizationOneAlias: organization(login: "<name-of-organization-one>") {
+    # How to use a fragment
+    ...repositories
+  }
+  organizationTwoAlias: organization(login: "<name-of-organization-two>") {
+    ...repositories
+  }
+  # organizationThreeAlias ... and so on up-to lets say 100
+}
+# How to define a fragment
+fragment repositories on Organization {
+  name
+  repositories(privacy: PRIVATE){
+    totalCount
+  }
+}
+```
+
+{% endif %}
+
 This GraphQL query requests the last 5 log entries for an enterprise organization. To customize this query, replace `<org-name>` and `<user-name>`.
 
 ```graphql
 
@@ -22,7 +22,7 @@ If you haven't already, you should read the ["Basics of Authentication"][basics-
 
 ### Discover the repositories that your app can access for a user
 
-In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's a public repository where the user has write access.
+In addition to having their own personal repositories, a user may be a collaborator on repositories owned by other users and organizations. Collectively, these are the repositories where the user has privileged access: either it's a private repository where the user has read or write access, or it's a {% if currentVersion != "github-ae@latest" %}public{% else %}internal{% endif %} repository where the user has write access.
 
 [OAuth scopes][scopes] and [organization application policies][oap] determine which of those repositories your app can access for a user. Use the workflow below to discover those repositories.
 
@@ -87,11 +87,11 @@ client.organizations.each do |organization|
 end
 ```
 
-#### Don’t rely on public organizations
+#### Return all of the user's organization memberships
 
 If you've read the docs from cover to cover, you may have noticed an [API method for listing a user's public organization memberships][list-public-orgs]. Most applications should avoid this API method. This method only returns the user's public organization memberships, not their private organization memberships.
 
-As an application, you typically want all of the user's organizations (public and private) that your app is authorized to access. The workflow above will give you exactly that.
+As an application, you typically want all of the user's organizations that your app is authorized to access. The workflow above will give you exactly that.
 
 [basics-of-authentication]: /rest/guides/basics-of-authentication
 [list-public-orgs]: /rest/reference/orgs#list-organizations-for-a-user