Fine grained personal access token cannot create pull requests

[stephenafamo]

Select Topic Area

Bug

Body

Trying to create a pull request with POST https://api.github.com/repos/OWNER/REPO/pull and a fine grained personal access token.

According to the documentation, this should work under these conditions:

To open or update a pull request in a public repository, you must have write access to the head or the source branch.

In this case, both the source and target repositories are public, and the PAT has contents permission to the source repo.

I tired adding pull requests permissions to the PAT since the x-accepted-github-permissions header responded with pull_requests=write but I kept getting the same error:

403 Forbidded

{
  "message": "Resource not accessible by personal access token",
  "documentation_url": "https://docs.github.com/rest/pulls/pulls#create-a-pull-request"
}

[dvargas92495]

We also have experienced this issue. In the meantime, in order to unblock our automated pipelines we reverted back to using a classic token instead of a personal access token. This is not ideal long term as the former is considered legacy by Github and allows permissioning that is too broad to this token.

We would be keen on a fix from Github's end, or an explanation on why this is the case

[rene-hermenau]

Have the same error. PAT tokens can not create pull requests due to lack of permissions.

[neubig]

Getting the same error here, it'd be nice to have a fix so we don't have to revert back to classic tokens.

[TBBle]

Based on vedantmgoyal9/winget-releaser#172, the problem appears to be that to open a PR, you need a token with the resource owner being the target, but unless you own the target repo, or are a member of its owning organisation, it's not possible to create such a PAT.

This should be resolved if github/roadmap#600 is ever implemented, noted via https://github.com/orgs/community/discussions/36441#discussioncomment-4879243