Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21882

v1.551 + GitHub OAuth == broken api token access

    XMLWordPrintable

Details

    Description

      I've reproduced this by setting up a fresh Jenkins install.

      Here are my notes from that install:

      On Ubuntu 12.04.4 LTS

      sudo sh -c 'echo deb http://pkg.jenkins-ci.org/debian binary/ > /etc/apt/sources.list.d/jenkins.list'
      wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | sudo apt-key add -
      sudo apt-get update
      sudo apt-get install jenkins

      Visit http://host:8080/configureSecurity/
      Check "Enable security"
      Under the "Access Control" section choose the option "Jenkins’ own user database" under the "Security Realm" header.
      Choose "Save" at the bottom of the page.

      Visit http://host:8080/signup
      Fill out form matching the username to your github username.

      Return to Visit http://host:8080/configureSecurity/
      Under the "Access Control" section unselect "Allow users to sign up" under "Jenkins’ own user database" which is under the "Security Realm" header.
      Under the "Authorization" heading select the option "Logged-in users can do anything".
      Choose "Save" at the bottom of the page.

      Visit http://host:8080/pluginManager/
      Select all plugins with available updates using the link at the bottom of the page and then "install without restart".
      On the subsequent screen choose "Restart Jenkins when installation is complete and no jobs are running."

      At this point running the following produces no error:

      curl --url http://host:8080/user/mr-c --user mr-c:${api_token}

      Install the Github OAuth Plugin (grabs the GitHub API Plugin)
      Return to Visit http://host:8080/configureSecurity/
      Under the "Access Control" section choose the option "Github Authentication Plugin" under the "Security Realm" header.
      GitHub Web URI: https://github.com
      GitHub API URI: https://api.github.com
      Client ID: <masked for security>
      Client Secret: <masked for security>
      Under the "Authorization" heading select the option "Github Commiter Authorization Strategy".
      Admin User Names: mr-c
      Participant in Organization: ged-lab
      Grant READ permissions to all Authenticated Users: yes
      Grant READ permissions for /github-webhook: yes
      Grant READ permissions for Anonymous Users: yes
      Choose "Save" at the bottom of the page.

      Now the command:

      curl --url http://host:8080/user/mr-c --user mr-c:${api_token}

      produces this output:

      HTTP ERROR 401

      Problem accessing /user/mr-c. Reason:
      Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@23fcf1a8: Username: mr-c; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: <masked for privacy>; SessionId: null; Not granted any authorities

      This became a problem for me while trying to update my OS X slave using rhwood's jenkins-slave-osx script. I've filed a ticket there:
      https://github.com/rhwood/jenkins-slave-osx/issues/33

      Attachments

        Activity

          The contents of /systemInfo:

          System Properties
          
          Name  ↓
          Value   
          executable-war	/usr/share/jenkins/jenkins.war
          file.encoding	UTF-8
          file.encoding.pkg	sun.io
          file.separator	/
          hudson.diyChunking	true
          java.awt.graphicsenv	sun.awt.X11GraphicsEnvironment
          java.awt.headless	true
          java.awt.printerjob	sun.print.PSPrinterJob
          java.class.path	/usr/share/jenkins/jenkins.war
          java.class.version	50.0
          java.endorsed.dirs	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/endorsed
          java.ext.dirs	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/ext:/usr/java/packages/lib/ext
          java.home	/usr/lib/jvm/java-6-openjdk-amd64/jre
          java.io.tmpdir	/tmp
          java.library.path	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk-amd64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib
          java.runtime.name	OpenJDK Runtime Environment
          java.runtime.version	1.6.0_27-b27
          java.specification.name	Java Platform API Specification
          java.specification.vendor	Sun Microsystems Inc.
          java.specification.version	1.6
          java.vendor	Sun Microsystems Inc.
          java.vendor.url	http://java.sun.com/
          java.vendor.url.bug	http://java.sun.com/cgi-bin/bugreport.cgi
          java.version	1.6.0_27
          java.vm.info	mixed mode
          java.vm.name	OpenJDK 64-Bit Server VM
          java.vm.specification.name	Java Virtual Machine Specification
          java.vm.specification.vendor	Sun Microsystems Inc.
          java.vm.specification.version	1.0
          java.vm.vendor	Sun Microsystems Inc.
          java.vm.version	20.0-b12
          jna.platform.library.path	/usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib
          line.separator	
          mail.smtp.sendpartial	true
          mail.smtps.sendpartial	true
          os.arch	amd64
          os.name	Linux
          os.version	3.2.0-58-virtual
          path.separator	:
          sun.arch.data.model	64
          sun.boot.class.path	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/resources.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/jsse.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/jce.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/charsets.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/netx.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/plugin.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rhino.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/classes
          sun.boot.library.path	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64
          sun.cpu.endian	little
          sun.cpu.isalist	
          sun.io.unicode.encoding	UnicodeLittle
          sun.java.command	/usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1
          sun.java.launcher	SUN_STANDARD
          sun.jnu.encoding	UTF-8
          sun.management.compiler	HotSpot 64-Bit Tiered Compilers
          sun.os.patch.level	unknown
          svnkit.http.methods	Digest,Basic,NTLM,Negotiate
          svnkit.ssh2.persistent	false
          user.country	US
          user.dir	/
          user.home	/var/lib/jenkins
          user.language	en
          user.name	jenkins
          user.timezone	America/New_York
          Environment Variables
          
          Name  ↓
          Value   
          _	/usr/bin/daemon
          HOME	/var/lib/jenkins
          JENKINS_HOME	/var/lib/jenkins
          LANG	en_US.UTF-8
          LD_LIBRARY_PATH	/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk-amd64/jre/../lib/amd64
          LOGNAME	jenkins
          MAIL	/var/mail/jenkins
          PATH	/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
          PWD	/var/lib/jenkins
          SHELL	/bin/bash
          SHLVL	1
          TERM	screen
          USER	jenkins
          Plugins
          
          Name  ↓
          Version   
          Enabled   
          Pinned   
          ant	1.2	true	false
          credentials	1.10	true	true
          cvs	2.11	true	false
          external-monitor-job	1.2	true	false
          github-api	1.44	true	false
          github-oauth	0.14	true	false
          javadoc	1.1	true	false
          ldap	1.8	true	true
          mailer	1.8	true	true
          matrix-auth	1.1	true	false
          maven-plugin	2.1	true	false
          pam-auth	1.1	true	false
          scm-api	0.2	true	false
          ssh-credentials	1.6.1	true	true
          ssh-slaves	1.6	true	true
          subversion	2.2	true	true
          translation	1.11	true	true
          windows-slaves	1.0	true	false
          
          mcrusoe Michael Crusoe added a comment - The contents of /systemInfo: System Properties Name ↓ Value executable-war /usr/share/jenkins/jenkins.war file.encoding UTF-8 file.encoding.pkg sun.io file.separator / hudson.diyChunking true java.awt.graphicsenv sun.awt.X11GraphicsEnvironment java.awt.headless true java.awt.printerjob sun.print.PSPrinterJob java.class.path /usr/share/jenkins/jenkins.war java.class.version 50.0 java.endorsed.dirs /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/endorsed java.ext.dirs /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/ext:/usr/java/packages/lib/ext java.home /usr/lib/jvm/java-6-openjdk-amd64/jre java.io.tmpdir /tmp java.library.path /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk-amd64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib/x86_64-linux-gnu/jni:/lib/x86_64-linux-gnu:/usr/lib/x86_64-linux-gnu:/usr/lib/jni:/lib:/usr/lib java.runtime.name OpenJDK Runtime Environment java.runtime.version 1.6.0_27-b27 java.specification.name Java Platform API Specification java.specification.vendor Sun Microsystems Inc. java.specification.version 1.6 java.vendor Sun Microsystems Inc. java.vendor.url http://java.sun.com/ java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi java.version 1.6.0_27 java.vm.info mixed mode java.vm.name OpenJDK 64-Bit Server VM java.vm.specification.name Java Virtual Machine Specification java.vm.specification.vendor Sun Microsystems Inc. java.vm.specification.version 1.0 java.vm.vendor Sun Microsystems Inc. java.vm.version 20.0-b12 jna.platform.library.path /usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib line.separator mail.smtp.sendpartial true mail.smtps.sendpartial true os.arch amd64 os.name Linux os.version 3.2.0-58-virtual path.separator : sun.arch.data.model 64 sun.boot.class.path /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/resources.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rt.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/sunrsasign.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/jsse.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/jce.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/charsets.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/netx.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/plugin.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/rhino.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/java-6-openjdk-amd64/jre/classes sun.boot.library.path /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64 sun.cpu.endian little sun.cpu.isalist sun.io.unicode.encoding UnicodeLittle sun.java.command /usr/share/jenkins/jenkins.war --webroot=/var/cache/jenkins/war --httpPort=8080 --ajp13Port=-1 sun.java.launcher SUN_STANDARD sun.jnu.encoding UTF-8 sun.management.compiler HotSpot 64-Bit Tiered Compilers sun.os.patch.level unknown svnkit.http.methods Digest,Basic,NTLM,Negotiate svnkit.ssh2.persistent false user.country US user.dir / user.home /var/lib/jenkins user.language en user.name jenkins user.timezone America/New_York Environment Variables Name ↓ Value _ /usr/bin/daemon HOME /var/lib/jenkins JENKINS_HOME /var/lib/jenkins LANG en_US.UTF-8 LD_LIBRARY_PATH /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk-amd64/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk-amd64/jre/../lib/amd64 LOGNAME jenkins MAIL /var/mail/jenkins PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games PWD /var/lib/jenkins SHELL /bin/bash SHLVL 1 TERM screen USER jenkins Plugins Name ↓ Version Enabled Pinned ant 1.2 true false credentials 1.10 true true cvs 2.11 true false external-monitor-job 1.2 true false github-api 1.44 true false github-oauth 0.14 true false javadoc 1.1 true false ldap 1.8 true true mailer 1.8 true true matrix-auth 1.1 true false maven-plugin 2.1 true false pam-auth 1.1 true false scm-api 0.2 true false ssh-credentials 1.6.1 true true ssh-slaves 1.6 true true subversion 2.2 true true translation 1.11 true true windows-slaves 1.0 true false
          michaelglass Michael Glass added a comment - - edited

          confirmed: rolling back to git 1.550 fixes auth issues

          michaelglass Michael Glass added a comment - - edited confirmed: rolling back to git 1.550 fixes auth issues

          Should I remove 'github-oauth' from the component list then?

          mcrusoe Michael Crusoe added a comment - Should I remove 'github-oauth' from the component list then?
          michaelglass Michael Glass added a comment - - edited

          if you want username/api token access to jenkins, either disable the github oauth plugin or roll back to version jenkins 1.550 or before.

          michaelglass Michael Glass added a comment - - edited if you want username/api token access to jenkins, either disable the github oauth plugin or roll back to version jenkins 1.550 or before.
          jenshnielsen Jens Nielsen added a comment -

          I'm seeing the same issue on the latest LTS release (1.532.2) downgrading to 1.532.1 fixes it.

          jenshnielsen Jens Nielsen added a comment - I'm seeing the same issue on the latest LTS release (1.532.2) downgrading to 1.532.1 fixes it.
          michaelglass Michael Glass added a comment -

          confirmed still an issue with 1.552

          michaelglass Michael Glass added a comment - confirmed still an issue with 1.552
          soren Soren Hansen added a comment -

          ..and 1.553. Is anyone looking into this?

          soren Soren Hansen added a comment - ..and 1.553. Is anyone looking into this?
          soren Soren Hansen added a comment -

          This seems to have been introduced by https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3

          This makes it work again:

          https://github.com/sorenh/github-oauth-plugin/commit/da5c787cf72580f06c6a6318bf1b8a73071e8bcd

          But I'm fairly sure it's not the right fix:

          • The correct fix should be to make sure the authtoken is set. I don't know why it isn't.
          • The correct exception to throw in that situation seems like DataAccessException, but that would not actually make this work again.

          Perhaps someone else can shed some light on why authtoken might be null at this point? I've never looked at Jenkins internals before (and haven't really touched java in around a decade), so any further input would be greatly appreciated.

          soren Soren Hansen added a comment - This seems to have been introduced by https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3 This makes it work again: https://github.com/sorenh/github-oauth-plugin/commit/da5c787cf72580f06c6a6318bf1b8a73071e8bcd But I'm fairly sure it's not the right fix: The correct fix should be to make sure the authtoken is set. I don't know why it isn't. The correct exception to throw in that situation seems like DataAccessException, but that would not actually make this work again. Perhaps someone else can shed some light on why authtoken might be null at this point? I've never looked at Jenkins internals before (and haven't really touched java in around a decade), so any further input would be greatly appreciated.
          soren Soren Hansen added a comment -

          Or perhaps this is correct.. The authToken is specific to a user, so in this context it couldn't be set... and I don't suppose GitHub reveals information about users without authentication.

          soren Soren Hansen added a comment - Or perhaps this is correct.. The authToken is specific to a user, so in this context it couldn't be set... and I don't suppose GitHub reveals information about users without authentication.
          soren Soren Hansen added a comment - Filed a pull request: https://github.com/jenkinsci/github-oauth-plugin/pull/18
          skottler Sam Kottler added a comment -

          This has been fixed in 0.15. Please report any additional issues you may find in the release. Thanks for your patience on this one!

          skottler Sam Kottler added a comment - This has been fixed in 0.15. Please report any additional issues you may find in the release. Thanks for your patience on this one!
          michaelglass Michael Glass added a comment -

          Sam: I tried Soren's fix to no avail. Same error. Thoughts?

          michaelglass Michael Glass added a comment - Sam: I tried Soren's fix to no avail. Same error. Thoughts?
          michaelglass Michael Glass added a comment -

          tried 0.15 and received the same error.

          michaelglass Michael Glass added a comment - tried 0.15 and received the same error.
          jenshnielsen Jens Nielsen added a comment -

          The issue was resolved for me on the 1.532.2 lts (same time as 1.551) release. I have not tested any of the regular releases. Is it possible that another issue broke the
          this on one of the release following this i.e. 1.552 .. 1.556

          jenshnielsen Jens Nielsen added a comment - The issue was resolved for me on the 1.532.2 lts (same time as 1.551) release. I have not tested any of the regular releases. Is it possible that another issue broke the this on one of the release following this i.e. 1.552 .. 1.556
          jenshnielsen Jens Nielsen added a comment -

          Another thing. The latest release (0.15) does not appear in the update center nor
          on the download server here https://updates.jenkins-ci.org/download/plugins/

          jenshnielsen Jens Nielsen added a comment - Another thing. The latest release (0.15) does not appear in the update center nor on the download server here https://updates.jenkins-ci.org/download/plugins/
          soren Soren Hansen added a comment -

          Can you share what is recorded in the log file when you try this? I'd like to understand why my patch might not work for you, since it works for me.

          soren Soren Hansen added a comment - Can you share what is recorded in the log file when you try this? I'd like to understand why my patch might not work for you, since it works for me.
          michaelglass Michael Glass added a comment - - edited

          Sorry needed a weekend (p.s. Soren, thanks so much for your help in the first place)

          I just upgraded to 1.556 and your binary of the github oauth plugin.

          When I

          $ curl --user [masked username]:[masked api key] --data "" [jenkins api endpoint]

          I get (with a lot of html formatting removed)

          Error 401 Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@94008f0a: Username:[masked username]; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Not granted any authorities

          How can I get more detailed log info? The jenkins logging page is a little tough for me to parse given the fact that they don't give me target systems to log. (hudson.? org.jenkinsci.plugins?)

          michaelglass Michael Glass added a comment - - edited Sorry needed a weekend (p.s. Soren, thanks so much for your help in the first place) I just upgraded to 1.556 and your binary of the github oauth plugin. When I $ curl --user [masked username]:[masked api key] --data "" [jenkins api endpoint] I get (with a lot of html formatting removed) Error 401 Unexpected authentication type: org.acegisecurity.providers.UsernamePasswordAuthenticationToken@94008f0a: Username:[masked username]; Password: [PROTECTED]; Authenticated: false ; Details: org.acegisecurity.ui.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null ; Not granted any authorities How can I get more detailed log info? The jenkins logging page is a little tough for me to parse given the fact that they don't give me target systems to log. (hudson.? org.jenkinsci.plugins?)
          soren Soren Hansen added a comment -

          I was really hoping for relevant parts of the server side log file (for me it's located in /var/log/jenkins/jenkins.log). Any chance you can dig that up for me?

          soren Soren Hansen added a comment - I was really hoping for relevant parts of the server side log file (for me it's located in /var/log/jenkins/jenkins.log). Any chance you can dig that up for me?
          bezda Tomas Bezdek added a comment -

          the server-side log doesn't show any exceptions or related messages (with INFO level on)

          bezda Tomas Bezdek added a comment - the server-side log doesn't show any exceptions or related messages (with INFO level on)
          soren Soren Hansen added a comment -

          If you could grab the hpi from this url, install it, and do something like "tail -f /var/log/jenkins/jenkins.log | grep XXX" and try, I hope that should help me in the right direction.

          https://github.com/sorenh/github-oauth-plugin/releases/tag/0.15-moredebugging.1

          soren Soren Hansen added a comment - If you could grab the hpi from this url, install it, and do something like "tail -f /var/log/jenkins/jenkins.log | grep XXX" and try, I hope that should help me in the right direction. https://github.com/sorenh/github-oauth-plugin/releases/tag/0.15-moredebugging.1
          bezda Tomas Bezdek added a comment -

          I have jenkins-job-builder as one of the jobs in jenkins, which authenticates using api token. I've run the job twice, once with enabled jenkins security and once with disabled, but all I can see in log is this:

          Apr 2, 2014 9:53:20 PM hudson.model.Run execute
          INFO: jenkis-job-builder #121 main build action completed: FAILURE
          Apr 2, 2014 9:54:09 PM hudson.model.Run execute
          INFO: jenkis-job-builder #122 main build action completed: SUCCESS

          no log entries from the oauth plugin...

          bezda Tomas Bezdek added a comment - I have jenkins-job-builder as one of the jobs in jenkins, which authenticates using api token. I've run the job twice, once with enabled jenkins security and once with disabled, but all I can see in log is this: Apr 2, 2014 9:53:20 PM hudson.model.Run execute INFO: jenkis-job-builder #121 main build action completed: FAILURE Apr 2, 2014 9:54:09 PM hudson.model.Run execute INFO: jenkis-job-builder #122 main build action completed: SUCCESS no log entries from the oauth plugin...
          soren Soren Hansen added a comment -

          After installing the linked plugin and restarting Jenkins? If so, I think this is over my head. It would appear the github oauth plugin isn't even being invoked, and I have no idea why that might be the case.

          soren Soren Hansen added a comment - After installing the linked plugin and restarting Jenkins? If so, I think this is over my head. It would appear the github oauth plugin isn't even being invoked, and I have no idea why that might be the case.
          bezda Tomas Bezdek added a comment -

          yes, the update center has "0.15-SNAPSHOT (private-04/02/2014 23:27-soren)" as version for oauth plugin.
          the problem must be in the plugin, because when access control is set to jenkins own db, it works

          bezda Tomas Bezdek added a comment - yes, the update center has "0.15-SNAPSHOT (private-04/02/2014 23:27-soren)" as version for oauth plugin. the problem must be in the plugin, because when access control is set to jenkins own db, it works
          mockturtl mockturtl added a comment -

          Jenkins 1.557, 558

          +1 Michael Glass 30/Mar/14 7:49 PM: 401 Unexpected authentication type ... UsernamePasswordAuthenticationToken with curl

          +1 Jens Nielsen 25/Mar/14 11:01 AM: jenkins plugin manager has latest Github Oauth Plugin v0.14

          Soren, is swapping the installed github-oauth.jpi for github-oauth.hpi from your link sufficient to upgrade the plugin to 0.15-SNAPSHOT? If so, I can confirm the 401 error produces no output in /var/log/jenkins/jenkins.log.

          mockturtl mockturtl added a comment - Jenkins 1.557, 558 +1 Michael Glass 30/Mar/14 7:49 PM : 401 Unexpected authentication type ... UsernamePasswordAuthenticationToken with curl +1 Jens Nielsen 25/Mar/14 11:01 AM : jenkins plugin manager has latest Github Oauth Plugin v0.14 Soren, is swapping the installed github-oauth.jpi for github-oauth.hpi from your link sufficient to upgrade the plugin to 0.15-SNAPSHOT ? If so, I can confirm the 401 error produces no output in /var/log/jenkins/jenkins.log .
          peterldowns Peter Downs added a comment -

          Is there any further progress on this? It's unclear from this thread if the issue is resolved by using the 0.15-SNAPSHOT .hpi.

          peterldowns Peter Downs added a comment - Is there any further progress on this? It's unclear from this thread if the issue is resolved by using the 0.15-SNAPSHOT .hpi.
          michaelglass Michael Glass added a comment -

          peterldowns 0.15-snapshot solves some peoples' issues but not everyones'

          michaelglass Michael Glass added a comment - peterldowns 0.15-snapshot solves some peoples' issues but not everyones'
          soren Soren Hansen added a comment -

          It seems this broke again after I fixed it. AFter upgrading my Jenkins instance, it again does not work for me.

          A number of bugs seem related: JENKINS-22346 JENKINS-20064 JENKINS-9258

          soren Soren Hansen added a comment - It seems this broke again after I fixed it. AFter upgrading my Jenkins instance, it again does not work for me. A number of bugs seem related: JENKINS-22346 JENKINS-20064 JENKINS-9258
          jenshnielsen Jens Nielsen added a comment -

          That seems likely and explains why it works on the latest LTS but not on the regular version.

          jenshnielsen Jens Nielsen added a comment - That seems likely and explains why it works on the latest LTS but not on the regular version.
          soren Soren Hansen added a comment -

          Oh, found the problem!

          Jenkins's User class now calls the loadUserByUsername on the UserDetailsService from the SecurityComponents object on the SecurityRealm, but that doesn't actually call the loadUserByUsername method, but rather provides its own "fake" one in the Github OAuth plugin.

          soren Soren Hansen added a comment - Oh, found the problem! Jenkins's User class now calls the loadUserByUsername on the UserDetailsService from the SecurityComponents object on the SecurityRealm, but that doesn't actually call the loadUserByUsername method, but rather provides its own "fake" one in the Github OAuth plugin.
          soren Soren Hansen added a comment - https://github.com/jenkinsci/github-oauth-plugin/pull/23
          soren Soren Hansen added a comment - Plugin for testing can be found here: https://github.com/sorenh/github-oauth-plugin/releases/tag/0.16-pre-soren
          bezda Tomas Bezdek added a comment -

          works for me now!

          bezda Tomas Bezdek added a comment - works for me now!
          michaelglass Michael Glass added a comment -

          wfm!

          Thanks so much, Soren

          michaelglass Michael Glass added a comment - wfm! Thanks so much, Soren
          skottler Sam Kottler added a comment -

          A fix was merged for this in https://github.com/jenkinsci/github-oauth-plugin/pull/23. Thanks!

          skottler Sam Kottler added a comment - A fix was merged for this in https://github.com/jenkinsci/github-oauth-plugin/pull/23 . Thanks!
          mockturtl mockturtl added a comment -

          `0.16-SNAPSHOT` working, thanks!

          mockturtl mockturtl added a comment - `0.16-SNAPSHOT` working, thanks!
          michaelglass Michael Glass added a comment - - edited

          skottler can y'all release 0.16 please? Don't want to update my chef repos to install the new version of jenkins until this is up.

          michaelglass Michael Glass added a comment - - edited skottler can y'all release 0.16 please? Don't want to update my chef repos to install the new version of jenkins until this is up.

          People

            skottler Sam Kottler
            mcrusoe Michael Crusoe
            Votes:
            7 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: