Skip to content

403 Resource not accessible by personal access token [] #283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
algoORgoal opened this issue Apr 15, 2025 · 3 comments
Open

403 Resource not accessible by personal access token [] #283

algoORgoal opened this issue Apr 15, 2025 · 3 comments
Labels
bug Something isn't working

Comments

@algoORgoal
Copy link

algoORgoal commented Apr 15, 2025
edited
Loading

Describe the bug

When attempting to create a pull request using the mcp_github_create_pull_request tool, the operation fails with a 403 error despite having what appears to be a valid personal access token configured.

Affected version

docker run -i --rm ghcr.io/github/github-mcp-server ./github-mcp-server --version

server version v0.1.1 (7ab5d96) 2025-04-07T16:05:06Z

(Version information to be added after running the command)

Steps to reproduce the behavior

  1. Configure GitHub PAT in ~/.cursor/mcp.json (macOS)
  2. Run a workflow using the GitHub MCP tools
  3. Attempt to create a pull request using mcp_github_create_pull_request
  4. Observe the error response

mcp.json

{
  "mcpServers": {
    "Framelink Figma MCP": {
      "command": "npx",
      "args": [
        "-y",
        "figma-developer-mcp",
        "--figma-api-key=...",
        "--stdio"
      ]
    },
    "github": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."
      }
    },
    "toolbox": {
      "command": "npx",
      "args": [
        "-y",
        "@smithery/cli@latest",
        "run",
        "@smithery/toolbox",
        "--key",
        "..."
      ]
    }
  }
}

Expected vs actual behavior

Expected behavior:
The pull request should be created successfully in the specified repository.

Actual behavior:
The operation fails with a 403 error:

MCP error -32603: failed to create pull request: POST https://api.github.com/repos/Project-Unifest/unifest-web/pulls: 403 Resource not accessible by personal access token []

Logs

{
  "error": "MCP error -32603: failed to create pull request: POST https://api.github.com/repos/Project-Unifest/unifest-web/pulls: 403 Resource not accessible by personal access token []"
}

Additional information

  • Multiple tokens were tried (both fine-grained and classic PATs)
  • Token has appropriate repo permissions for the repository

Have a nice day, @bruce
@algoORgoal algoORgoal added the bug Something isn't working label Apr 15, 2025
@SamMorrowDrums
Copy link
Collaborator

SamMorrowDrums commented Apr 17, 2025
edited
Loading

@algoORgoal in an edit of this issue you accidentally pasted a Figma PAT token and it needs to be revoked. It was found by secret scanning and it should be considered leaked in public. Please do this ASAP to avoid issues with your account. I will also contact them and request they revoke the token.

Remediation steps

Follow the steps below before you close this alert.

  1. (1)Rotate the secret if it's in use to prevent breaking workflows.
  2. (2)Revoke this Figma Personal Access Token through Figma to prevent unauthorized access. Learn more about Figma tokens.
  3. (3)Check security logs for potential breaches.

@dudil
Copy link

dudil commented Apr 17, 2025

Hi @algoORgoal,
Had the same issue as well using VSCod (not sure if this was already addressed).

  1. You must use classic PAT with sufficient permissions to connect to container registry.
    You can read more about it here
    (@SamMorrowDrums - I think this should be mentioned with the README file, happy to update if you would like).
  2. I use the PAT created to login into the registry. It also requires your Github username (handle).
docker login -u <USER> -p <PAT> ghcr.io/github

This is just a quick workaround, I'll try to see if there is any better solution for that.

@dudil
Copy link

dudil commented Apr 17, 2025

As a possible solution for the configuration (in vscode):

{
  "inputs": [
    {
      "type": "promptString",
      "id": "github_token",
      "description": "GitHub Personal Access Token",
      "password": true
    },
    {
      "type": "promptString",
      "id": "github_user",
      "description": "GitHub Username"
    }
  ],
  "servers": {
    "github": {
      "command": "docker",
      "args": [
        "run",
        "-i",
        "--rm",
        "-e",
        "GITHUB_PERSONAL_ACCESS_TOKEN",
        "ghcr.io/github/github-mcp-server"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}",
        "DOCKER_USER": "${input:github_user}",
        "DOCKER_PASSWORD": "${input:github_token}"
      }
    }
  }
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dudil @SamMorrowDrums @algoORgoal