Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-32641

Confusing credentials configuration for GitHub Server Config

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • github-plugin
    • Core 1.642.1
      GitHub Plugin versions 1.14 and 1.16

      • Create a username / password credential.
      • Go to Configure System / GitHub Plugin Configuration
      • Add a GitHub Server Config

      EB: The created credential appears in the Credentials combo.
      AB: Only none is included.

      Add a username / password credential from the "Add" button in the same GitHub Server Config

      EB: The new credential is added to the global config and appears in the combo.
      AB: The new credential is added to the global config but does not appear in the combo.

          [JENKINS-32641] Confusing credentials configuration for GitHub Server Config

          Have you tried to use tokens? Using login/password is strongly not recommended. For converting login/password UI has helper.

          Kanstantsin Shautsou added a comment - Have you tried to use tokens? Using login/password is strongly not recommended. For converting login/password UI has helper.

          please read the doc on wiki and help in front of creds field.
          You can use only tokens to connect to GH in this plugin.

          Also, you can automatically convert your login+password creds to token creds with help of "Manage Additional GH Actions"

          Kirill Merkushev added a comment - please read the doc on wiki and help in front of creds field. You can use only tokens to connect to GH in this plugin. Also, you can automatically convert your login+password creds to token creds with help of "Manage Additional GH Actions"

          Hi!,

          I'm using username / password using a GitHub Personal Access Token instead of the password. With the PAT included in a "Secret Text" credential it works.
          Is this the intended behavior? That is username / password (even if not using the password) is not only not recommended but not supported?

          Thanks!

          Andres Rodriguez added a comment - Hi!, I'm using username / password using a GitHub Personal Access Token instead of the password. With the PAT included in a "Secret Text" credential it works. Is this the intended behavior? That is username / password (even if not using the password) is not only not recommended but not supported? Thanks!

          Yep, it uses oauth to talk with GH, not the basic auth, so only token is supported.

          Basic auth can be used only to create new token.

          Kirill Merkushev added a comment - Yep, it uses oauth to talk with GH, not the basic auth, so only token is supported. Basic auth can be used only to create new token.

          Sorin Sbarnea added a comment -

          This bug should be reopen because the current behaviour is very confusing. The way tokens are used by everyone is that they are used instead of passwords.

          Still, even after adding github credentials into jenkins (users, and token as password), the ui does not list them and does not give any indication why. The result is a very poor user experience.

          Sorin Sbarnea added a comment - This bug should be reopen because the current behaviour is very confusing. The way tokens are used by everyone is that they are used instead of passwords. Still, even after adding github credentials into jenkins (users, and token as password), the ui does not list them and does not give any indication why. The result is a very poor user experience.

          Kanstantsin Shautsou added a comment - - edited

          Does credentials-plugin allows limit the number of type available for creation from add button? If not, then issue will be closed as won't fix because it known credentials-plugin pure api.

          Kanstantsin Shautsou added a comment - - edited Does credentials-plugin allows limit the number of type available for creation from add button? If not, then issue will be closed as won't fix because it known credentials-plugin pure api.

          Sorin Sbarnea added a comment -

          integer, yes it does support filtering because that's even why the dropdown is empty by default, even if you already have user/password credentials configured.

          The amount of actions needed for configuring GitHub takes ridiculous level. Once the user is reaching the "GitHub Server Config" section in the config, not only that he faces an empty credentials dropdown but in order to add the missing credential-tokens, he needs to scroll to the Advanced button, scroll down again to reach the "Additional Actions" button, and click the only action there which helps him generate the tokens.

          I bet that over 50% of the users do need to google in order to be able to configure the credentials, probably spending half-an-hour for something that should take ten seconds.

          I raised this bug after googling for the solution the 3rd time in one year. Yes, even after reading the solution, you will forget it sooner or later.

          Regarding difference between token and password. I doubt there is one real difference between tokens and passwords. As far as I know tokens are just "special passwords", login process (api calls) being the same as using a plain password. I am not sure about GitLab, but I am sure about other systems that allow tokens, including Jenkins itself.

           

          Sorin Sbarnea added a comment - integer , yes it does support filtering because that's even why the dropdown is empty by default, even if you already have user/password credentials configured. The amount of actions needed for configuring GitHub takes ridiculous level. Once the user is reaching the "GitHub Server Config" section in the config, not only that he faces an empty credentials dropdown but in order to add the missing credential-tokens, he needs to scroll to the Advanced button, scroll down again to reach the "Additional Actions" button, and click the only action there which helps him generate the tokens. I bet that over 50% of the users do need to google in order to be able to configure the credentials, probably spending half-an-hour for something that should take ten seconds. I raised this bug after googling for the solution the 3rd time in one year. Yes, even after reading the solution, you will forget it sooner or later. Regarding difference between token and password. I doubt there is one real difference between tokens and passwords. As far as I know tokens are just "special passwords", login process (api calls) being the same as using a plain password. I am not sure about GitLab, but I am sure about other systems that allow tokens, including Jenkins itself.  

          leemeador added a comment -

          All the instructions I found by googling tell me to use the "add credentials" section that is somewhat below where you enter the credentials so you have to read the part below the selection point for credentials to see how to add one.

          But, because of the way our enterprise GitHub is secured, the two add credentials options always fail with a permission error from GitHub. (There isn't any help for how to enter the correct URL of any GitHub other than public GitHub.

          Further, the "add" button right beside the credentials dropdown is worthless because a) it defaults to a userid/password credential instead of the needed "secret text" credential that could work and b) there is no indication of what to enter as the "secret text". (And I still don't know what that would be.)

          leemeador added a comment - All the instructions I found by googling tell me to use the "add credentials" section that is somewhat below where you enter the credentials so you have to read the part below the selection point for credentials to see how to add one. But, because of the way our enterprise GitHub is secured, the two add credentials options always fail with a permission error from GitHub. (There isn't any help for how to enter the correct URL of any GitHub other than public GitHub. Further, the "add" button right beside the credentials dropdown is worthless because a) it defaults to a userid/password credential instead of the needed "secret text" credential that could work and b) there is no indication of what to enter as the "secret text". (And I still don't know what that would be.)

            lanwen Kirill Merkushev
            andresrc Andres Rodriguez
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: