Everything you are doing is OK. However, when creating OAuth tokens for authentication, be sure that you are defining the right scopes. Each scope defines a specific set of permitted actions (information you can read/write), so you should check that you are creating the token with the repo scope.