Assume you have following scenario in your enterprise github.
OrgA (we have 3 repos: repoA1, repoA2, repoA3)
OrgB (we have 3 repos: repoB1, repoB2, repoB3)
Assume that userOne has access to all 6 repos in both the organizations. Therefore, when user visit his GitHub UI, he can see all 6 repos.
However tokenOne created by the userOne only has authorized to access OrgA. which means this token can only access resources from repos : repoA1, repoA2, repoA3
For some reason in our API( /user/repos) when retrieving the repository list, it returns all 6 of them.
If user select any repos from OrgB ( for which tokenOne is not authorized) and tries to fetch further details like releases, pull requests then it will fail due to permission issues for further resources access of OrgB.
Is there a way to fetch only the authorized repo list so that only OrgA repos would be available?