Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39477

Github Plugin with Two Factor Authentication (2FA)

    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Critical Critical
    • github-plugin
    • None

      It's been years since 2fa and oauth authentication has been enabled on GitHub, why has the github plugin not been updated to use the recommended authentication methods GitHub suggests?

      I'm creating this issue because we need to see this feature in the plugin, and I can't find any issue currently tracking it.

          [JENKINS-39477] Github Plugin with Two Factor Authentication (2FA)

          2FA auth requires pin which can't be retrieved automatically. Nobody use 2FA and store all creds in jenkins, where u can fetch any creds with help of groovy console

          Kirill Merkushev added a comment - 2FA auth requires pin which can't be retrieved automatically. Nobody use 2FA and store all creds in jenkins, where u can fetch any creds with help of groovy console

          I am reopening this issue, as more and more people use two factor authentication.
          Can we use Oauth authentication with personal access token?

          Olivier Vernin added a comment - I am reopening this issue, as more and more people use two factor authentication. Can we use Oauth authentication with personal access token?

          Kirill Merkushev added a comment - - edited

          Github plugin already uses oauth tokens for authentication.
          And can help to fetch such token with required scopes in Jenkins Global configuration UI (by creating token using login+password).
          But it can't fetch token by itself if you use 2fa. If u use 2fa, you should create token manually and provide it in the global configuration

          Kirill Merkushev added a comment - - edited Github plugin already uses oauth tokens for authentication. And can help to fetch such token with required scopes in Jenkins Global configuration UI (by creating token using login+password). But it can't fetch token by itself if you use 2fa. If u use 2fa, you should create token manually and provide it in the global configuration

          I'd like to add to this issue, as it took me a while to figure out how to auth to github when using an account with 2FA.

          1. Make a Personal Token on Github
          2. Use that token as the "Secret Text" option when you make credentials on Jenkins

          If this isn't a good way, I'd like to hear others chime in. 

          Michael Tidwell added a comment - I'd like to add to this issue, as it took me a while to figure out how to auth to github when using an account with 2FA. 1. Make a Personal Token on Github 2. Use that token as the "Secret Text" option when you make credentials on Jenkins If this isn't a good way, I'd like to hear others chime in. 

          Tobin Davis added a comment - - edited

          I have another scenario where this is failing.  I have a job that worked up until this morning when our SCM admin forced us to use 2FA.  Now, no matter what I try, my pipeline jobs fail in strange ways during 'checkout scm'.  I have one job that will fail to checkout submodules (some of which aren't even part of our private repos), and PR jobs will fail because they can't figure out what branch to start with (indicating that scm.* is not being populated properly).  I have tried all of the workarounds I can think of, including using the syntax generator and hardcoding the Jenkinsfile script with credentialID.  Nothing appears to work.

           

          Update:  It appears I have to add 'Checkout over SSH' to force it to use the proper credentials, even though the submodules are defined to use ssh URL and the 'Advanced sub-modules behaviours->Use credentials from default remote of parent repository'  is checked.  Seems ridiculously redundant and non-intuitive. 

           

          Tobin Davis added a comment - - edited I have another scenario where this is failing.  I have a job that worked up until this morning when our SCM admin forced us to use 2FA.  Now, no matter what I try, my pipeline jobs fail in strange ways during 'checkout scm'.  I have one job that will fail to checkout submodules (some of which aren't even part of our private repos), and PR jobs will fail because they can't figure out what branch to start with (indicating that scm.* is not being populated properly).  I have tried all of the workarounds I can think of, including using the syntax generator and hardcoding the Jenkinsfile script with credentialID.  Nothing appears to work.   Update:  It appears I have to add 'Checkout over SSH' to force it to use the proper credentials, even though the submodules are defined to use ssh URL and the 'Advanced sub-modules behaviours->Use credentials from default remote of parent repository'  is checked.  Seems ridiculously redundant and non-intuitive.   

            lanwen Kirill Merkushev
            gnarf Corey Frang
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: