How to list organization’s private repositories via GitHub API?
Everything you are doing is OK. However, when creating OAuth tokens for authentication, be sure that you are defining the right scopes. Each scope defines a specific set of permitted actions (information you can read/write), so you should check that you are creating the token with the repo scope.