Skip to content

Comments

Improve error message for org-blocked PAT tokens#8973

Open
costajohnt wants to merge 4 commits intorefined-github:mainfrom
costajohnt:fix/pat-org-error-message-8942
Open

Improve error message for org-blocked PAT tokens#8973
costajohnt wants to merge 4 commits intorefined-github:mainfrom
costajohnt:fix/pat-org-error-message-8942

Conversation

@costajohnt
Copy link
Contributor

@costajohnt costajohnt commented Feb 13, 2026
edited
Loading

Closes #8942

When an organization blocks classic PATs, the GitHub API returns "Resource not accessible by personal access token". Previously this fell through to the generic "Unable to fetch. Ensure that your token has access to this repo." message, which doesn't explain the actual problem.

This adds a specific case in getError() that shows a clear message directing users to the Security wiki page about token types. The "Read more" link is rendered as a clickable link in the toast notification.

Additionally, the toast system now auto-linkifies both markdown-style [text](url) links and bare URLs, so any error message containing a URL will show it as a clickable link.

Test URLs

Any org repo page where the org has blocked classic PATs (e.g. a feature like quick-review that makes API calls).

Screenshot

@github-actions github-actions bot changed the title fix: improve error message for org-blocked PAT tokens Improve error message for org-blocked PAT tokens Feb 13, 2026
@costajohnt costajohnt marked this pull request as ready for review February 13, 2026 02:58
SunsetTechuila
SunsetTechuila reviewed Feb 13, 2026
View reviewed changes
@SunsetTechuila
Copy link
Member

SunsetTechuila commented Feb 13, 2026

The "T" in "PAT" stands for "token", so "PAT token" is "PersonalAccessToken token" 🤓

fregante
fregante reviewed Feb 13, 2026
View reviewed changes
Copy link
Member

@fregante fregante left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please include real screenshots and not AI-generated descriptions

source/github-helpers/api.ts Outdated
if ((apiResponse.message as string)?.includes('Resource not accessible by personal access token')) {
return new RefinedGitHubAPIError(
'The organization requires a specific type of token.',
'Read more: https://github.com/refined-github/refined-github/wiki/Security#token',
Copy link
Member

@fregante fregante Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Read more" should be clickable instead

@costajohnt costajohnt force-pushed the fix/pat-org-error-message-8942 branch from 50b9e1e to 1aaf10f Compare February 13, 2026 18:22
@costajohnt
Copy link
Contributor Author

costajohnt commented Feb 13, 2026

Updated — the "Read more" text is now rendered as a clickable link in the toast. The toast system auto-linkifies markdown-style [text](url) links and bare URLs.

I'll paste a real screenshot into the PR description shortly.

fregante
fregante reviewed Feb 14, 2026
View reviewed changes
source/github-helpers/toast.tsx Outdated
</div>
);
let lastRawMessage = message;
const updateToast = (message: string): void => {
Copy link
Member

@fregante fregante Feb 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of accepting a string and then linkifying it at runtime, it should accept string | JSX.Element. This way you can pass <>fragment with <a href="link">read more</a></>

@costajohnt
Copy link
Contributor Author

costajohnt commented Feb 15, 2026

Addressed the feedback:

  • Changed "The organization" → "Your organization"
  • Changed "Read more" → "Fix…" with a clickable link
  • Instead of parsing markdown links at runtime, showToast now accepts string | JSX.Element via a new ToastMessage type. The RefinedGitHubAPIError class has a richMessage property that carries JSX directly — the toast renders it as-is when present, falling back to error.message for plain string errors.
  • Removed the regex-based link parser from updateToast entirely
  • Renamed api.tsapi.tsx for JSX support

@costajohnt
fix: improve error message for org-blocked PAT tokens
7fe6a42 
Add a specific error case in getError() for the "Resource not accessible
by personal access token" API response, showing a user-friendly toast
that directs to the Security wiki page.

Fixes refined-github#8942
@costajohnt
Make "Read more" link clickable in toast error messages
4d80596 
Auto-linkify URLs and markdown-style [text](url) links in toast
messages using safe DOM methods. Store raw message for fallback
re-rendering to preserve link data.
@costajohnt
Accept JSX in toast messages instead of parsing markdown links
3a03e97 
- Add ToastMessage type (string | JSX.Element) to showToast
- Add richMessage property to RefinedGitHubAPIError for JSX content
- Rename api.ts to api.tsx for JSX support
- Change "The organization" to "Your organization"
- Change "Read more" link to "Fix…"
- Remove runtime markdown link parsing in favor of direct JSX
@costajohnt
fix: remove stale inline eslint-disable comment
373f94b
@costajohnt costajohnt force-pushed the fix/pat-org-error-message-8942 branch from 1fb34d1 to 373f94b Compare February 15, 2026 04:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fregante fregante fregante left review comments

@SunsetTechuila SunsetTechuila SunsetTechuila left review comments

Assignees

No one assigned

Labels

enhancement

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Improve API error message on organizations that block PAT token

3 participants

@costajohnt @SunsetTechuila @fregante