GitHub Log Source Permissions Error: "Must have admin rights to Repository", "status":"403"
Last updated: October 18, 2024
Issue
I am using a GitHub log source in Panther with OAuth authentication and I encountered a permissions error stating {"message":"Must have admin rights to Repository.","documentation_url":"https://docs.github.com/rest/orgs/orgs#get-the-audit-log-for-an-organization","status":"403"}: github: Authentication error even though the OAuth token was generated by a user with Organization owner permissions.
Resolution
To resolve this issue:
Ensure that the user who generated the OAuth token maintains Organization owner permissions in GitHub.
If the permissions have changed, make the user an Organization owner again.
If the issue persists, generate a new OAuth token using an account that will maintain Organization owner permissions long-term.
Update the GitHub log source in Panther with the new OAuth token.
Cause
This issue occurs because OAuth access tokens lose access to resources when the user's permissions change. If the user who generated the token loses admin rights to the repository, the token will no longer have sufficient permissions to access the required GitHub data.
An OAuth access token loses access to resources when the user loses access, such as when they lose write access to a repository.
Additional Information
When setting up or troubleshooting your GitHub log source, ensure that:
Your GitHub organization is part of a GitHub Enterprise Cloud deployment.
The user generating the OAuth token has organization owner permissions and a GitHub Enterprise subscription.
If your organization enforces SAML SSO, ensure that the OAuth app is authorized using SAML SSO.
For more information on setting up the GitHub log source, refer to the Panther documentation on creating a new OAuth app for GitHub.
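The checks above can be run against a token before updating the log source. The following is an added example, not code from Panther or GitHub: it calls the audit log endpoint named in the error and the GitHub REST endpoint for the authenticated user's organization membership, then maps the responses to the causes listed in this article. It assumes the token can read organization membership (for example, it carries the read:org scope); the function names are hypothetical.

```python
import json
import os
import sys
import urllib.error
import urllib.request

API = "https://api.github.com"


def github_get(path, token):
    """Return (status, headers, parsed JSON body) for one GET request."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/vnd.github+json",
    })
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, dict(resp.headers), json.load(resp)
    except urllib.error.HTTPError as err:
        raw = err.read() or b"{}"
        return err.code, dict(err.headers), json.loads(raw)


def diagnose(audit_status, audit_headers, member_status, member_body):
    """Map the two API responses to the causes this article lists."""
    headers = {k.lower(): v for k, v in audit_headers.items()}
    if audit_status == 200:
        return "ok: token can read the organization audit log"
    if audit_status == 401:
        return "token invalid or revoked: generate a new OAuth token"
    if "x-github-sso" in headers:  # GitHub sets this when SSO authorization is missing
        return "SAML SSO: authorize the OAuth app for this organization"
    if member_status == 200 and member_body.get("state") == "active":
        if member_body.get("role") != "admin":  # the API reports owners as "admin"
            return "user is no longer an organization owner: restore the role"
        return "user is an owner: check the GitHub Enterprise Cloud requirement"
    return "membership not readable: check token scopes and org membership"


def check(org, token):
    a_status, a_headers, _ = github_get(f"/orgs/{org}/audit-log?per_page=1", token)
    m_status, _, m_body = github_get(f"/user/memberships/orgs/{org}", token)
    return diagnose(a_status, a_headers, m_status, m_body)


if __name__ == "__main__":
    # Usage: GITHUB_TOKEN=<token> python check_token.py <org-name>
    print(check(sys.argv[1], os.environ["GITHUB_TOKEN"]))
```

The token is read from the environment so that it does not appear in shell history or process arguments.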