
Regression: JWT token not present when logged in on blueocean.io

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • blueocean-plugin
    • pacific, 1.0-b05/b-06

      Steps to reproduce

      1. Login via ci.blueocean.io/
      2. Browse to ci.blueocean.io/blue
      3. The dashboard will not load and there will be an error in the console (see screenshot)

      If you logout and revisit ci.blueocean.io/blue then the dashboard loads


          Michael Neale added a comment - - edited

          This is on Chrome I believe:
          In inspector:

          https://ci.blueocean.io/blue/rest/search/?q=type:pipeline;excludedFromFlattening:jenkins.branch.MultiBranchProject,hudson.matrix.MatrixProject&filter=no-folders&start=0&limit=26

          returns:

          <html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fblue%2Frest%2Fsearch%2F%3Fq%3Dtype%3Apipeline%3BexcludedFromFlattening%3Ajenkins.branch.MultiBranchProject%2Chudson.matrix.MatrixProject%26filter%3Dno-folders%26start%3D0%26limit%3D26'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fblue%2Frest%2Fsearch%2F%3Fq%3Dtype%3Apipeline%3BexcludedFromFlattening%3Ajenkins.branch.MultiBranchProject%2Chudson.matrix.MatrixProject%26filter%3Dno-folders%26start%3D0%26limit%3D26');</script></head><body style='background-color:white; color:white;'>
          Authentication required
          <!--
          -->
          </body></html>


          Michael Neale added a comment -

          This seems to be due to the github oauth plugin blocking things, right vivek?


          Vivek Pandey added a comment -

          michaelneale hard to say, as this is Chrome specific only; the dashboard loads fine in Safari.


          Michael Neale added a comment -

          vivek interesting, in Safari it won't load pipelines though... so neither is quite right, so it is probably not github oauth related only.


          Thorsten Scherler added a comment - - edited

          In the AT SE I see a signature issue that I had not seen before, but it may be related?

          https://ci.blueocean.io/job/Acceptance%20Test%20PR/37/console
          com.github.eirslett.maven.plugins.frontend.lib.DefaultGulpRunner - Error: Signature author is required.
          2016-08-31 10:04:41,100 [Thread-4] ERROR (InputStreamHandler.java:60) com.github.eirslett.maven.plugins.frontend.lib.DefaultGulpRunner - at Error (native)
          2016-08-31 10:04:41,100 [Thread-4] ERROR (InputStreamHandler.java:60)


          Vivek Pandey added a comment - - edited

          Issue identified. While verifying the token, JwtTokenAuthentication tries to get GrantedAuthorities using Jenkins.getInstance().getSecurityRealm().loadUserByUsername(user.getId()). Basically this results in a call to GithubSecurityRealm.loadUserByUsername(user.getId()), and it throws UserMayOrMayNotExistException because there is no session and it can't get hold of the GitHub token to get user details; this eventually results in a 403 error.

          It passed in our testing because all tests were done with username/password, which uses file system persistence to load the user, and that accidentally worked without an HTTP session.

          Fix is in progress.


          Vivek Pandey added a comment -

          Update: 403 error gone. It needed encoding the granted authorizations in the token and putting them back together as a JWT-specific Authentication object. This was suggested by kohsuke in code review a few days back for a different reason, performance, and was marked as TODO.

          However, Jenkins.getACL().hasPermission(...) fails because the github plugin looks for its own authentication object, and when it detects that the given authentication is not known it returns null. So this is still an issue. The problem is plugging in a JWT-specific ACL, but this is on the Jenkins singleton. I am going to check with kohsuke on what can possibly be done here.


          Vivek Pandey added a comment -

          As mentioned above, the main issue was that setting a JWT-specific Authentication object was not liked by the github auth plugin; GithubRequireOrganizationMembershipACL.hasPermission(Permission) had:

          // a is the current Authentication, as seen by the github auth plugin's ACL
          if (a != null && a instanceof GithubAuthenticationToken) {
              if (!a.isAuthenticated())
                  return false;
          } else {
              return false;  // any other Authentication type, including the JWT one, is denied here
          }

          While the github auth plugin is OK to have such uses, there might be other plugins that enforce using their own Authentication implementation. For this reason, this fix changed how the Authentication instance is created and set on the SecurityContext. We define a JwtAuthenticationStoreFactory extension point and a JwtAuthenticationStore abstraction to store the Authentication in the JWT token and also to re-create the Authentication instance using JWT claims. There is a default implementation that uses an in-memory map to store the authentication implementation.

          PR is in https://github.com/jenkinsci/blueocean-plugin/pull/457

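To make the store-based design described in the comment above concrete, here is an added Python example (not code from the blueocean-plugin PR or the github auth plugin): an in-memory store keyed by the token's jti claim hands back the realm's own Authentication object when a token is verified, while a verifier without that store can only rebuild a generic claims-based object, which an instanceof gate like the one quoted above rejects. The class and function names, the HS256 signing and the claim layout are assumptions made for this illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from dataclasses import dataclass

@dataclass(frozen=True)
class Authentication:          # constructed stand-in for the Spring/Acegi Authentication
    name: str
    authorities: tuple

class GithubAuthenticationToken(Authentication): ...  # the realm's own type; its ACL gates on it
class ClaimsAuthentication(Authentication): ...       # generic object rebuilt from JWT claims

SIGNING_KEY = b"constructed-demo-key"  # constructed for the example; never hard-code a real key

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class InMemoryJwtAuthenticationStore:
    """Maps each issued token's jti claim to the live Authentication, so verification can
    restore the realm-specific object without an HTTP session or a realm lookup."""
    def __init__(self):
        self._by_jti = {}

    def issue(self, auth, ttl_seconds=300) -> str:
        jti = secrets.token_urlsafe(16)  # unguessable key into the store
        self._by_jti[jti] = auth
        claims = {"sub": auth.name, "jti": jti, "exp": int(time.time()) + ttl_seconds,
                  "authorities": list(auth.authorities)}  # granted authorities ride in the token
        head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = b64url_encode(json.dumps(claims).encode())
        sig = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        return f"{head}.{body}.{b64url_encode(sig)}"

    def authenticate(self, token: str):
        head, body, sig = token.split(".")  # returns the Authentication for a valid token, else None
        expected = hmac.new(SIGNING_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if json.loads(b64url_decode(head)).get("alg") != "HS256" or not hmac.compare_digest(expected, b64url_decode(sig)):
            return None  # wrong algorithm or bad signature: the claims are untrusted
        claims = json.loads(b64url_decode(body))
        if claims.get("exp", 0) <= time.time():
            return None
        # The realm's own object if this instance issued the token, else one rebuilt from claims.
        return self._by_jti.get(claims["jti"]) or ClaimsAuthentication(claims["sub"], tuple(claims["authorities"]))

def github_acl_allows(auth) -> bool:
    # Mirror of the instanceof gate quoted from GithubRequireOrganizationMembershipACL.
    return isinstance(auth, GithubAuthenticationToken) and bool(auth.authorities)
```

A token verified by an instance that did not issue it (or after the in-memory map is lost) degrades to the claims-only object, which is exactly the case the github ACL denied.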

          James Dumay added a comment -

          Moving this out of sprint as this work is officially on hold


            vivek Vivek Pandey
            jamesdumay James Dumay