Managing access

The Identity concept provides an authentication and authorization layer for an individual scope. Since Geopoiesis doesn't make a lot of sense without at least one scope, we will create one as part of the app setup process.

Geopoiesis does not handle user or team management, deferring that to identity providers instead. In the previous step, you will have set up a GitHub app. In this step you will merely need to come up with the list of GitHub users and teams that can access your new scope.

In the GitHub identity provider, permissions can be granted to individuals identified by their GitHub username, or to teams identified by their ID. Finding the latter is unfortunately tricky, but that's what their API requires, so you will have no choice but to put some effort into finding those numbers. Here is one way of doing that.

The other way involves the GitHub GraphQL API explorer. Your query will look somewhat like this, though please replace the organization name and team slug with your own values:

query {
  organization(login: "geopoiesis") {
    team(slug: "admins") {
      id
    }
  }
}

The response will look like this:

{
  "data": {
    "organization": {
      "team": {
        "id": "MDQ6VGVhbTI3OTAwOTM="
      }
    }
  }
}

Unfortunately, MDQ6VGVhbTI3OTAwOTM= isn't your team ID just yet. In order to get a numeric ID, you will need to base-64 decode this string:

$ echo MDQ6VGVhbTI3OTAwOTM= | base64 --decode
04:Team2790093

Et voilà, 2790093 is the number you were looking for. We just wish it was easier.
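
The decode step above as a reusable check, added here as an example and not part of the Geopoiesis documentation. `team_id_from_node_id` is a hypothetical helper name, and it assumes node IDs of the base64 `04:Team<number>` shape shown in the response; anything else is rejected so that a user or repository ID never ends up in a scope's access list by mistake.

```shell
#!/bin/sh
# Added example: extract the numeric team ID from a GraphQL node ID,
# refusing input that does not decode to "<digits>:Team<digits>".

# team_id_from_node_id is a hypothetical helper name.
team_id_from_node_id() {
    node_id=$1

    # Accept only the base64 alphabet before handing input to the decoder.
    case $node_id in
        ''|*[!A-Za-z0-9+/=]*)
            echo "not a base64 node ID: $node_id" >&2
            return 1 ;;
    esac

    # --decode is accepted by both GNU coreutils and macOS base64.
    decoded=$(printf '%s' "$node_id" | base64 --decode 2>/dev/null) || {
        echo "base64 decoding failed for: $node_id" >&2
        return 1
    }

    # Split "04:Team2790093" into the type prefix and the numeric ID.
    type_len=${decoded%%:*}
    numeric=${decoded##*:Team}

    # Recomposing must give back the decoded string, otherwise the
    # ":Team" marker was missing (for example a user or repository node).
    if [ "$decoded" != "$type_len:Team$numeric" ]; then
        echo "not a team node ID: $decoded" >&2
        return 1
    fi

    # Both parts must be non-empty and purely numeric.
    for part in "$type_len" "$numeric"; do
        case $part in
            ''|*[!0-9]*)
                echo "unexpected node ID layout: $decoded" >&2
                return 1 ;;
        esac
    done

    printf '%s\n' "$numeric"
}

# Sample value taken from the response above; prints 2790093.
team_id_from_node_id "MDQ6VGVhbTI3OTAwOTM="
```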