-
Improvement
-
Resolution: Unresolved
-
Critical
-
None
It's been years since 2fa and oauth authentication has been enabled on GitHub, why has the github plugin not been updated to use the recommended authentication methods GitHub suggests?
I'm creating this issue because we need to see this feature in the plugin, and I can't find any issue currently tracking it.
[JENKINS-39477] Github Plugin with Two Factor Authentication (2FA)
Corey Frang
created issue -
| Resolution | New: Won't Fix [ 2 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
I am reopening this issue, as more and more people use two factor authentication.
Can we use Oauth authentication with personal access token?
| Resolution | Original: Won't Fix [ 2 ] | |
| Status | Original: Closed [ 6 ] | New: Reopened [ 4 ] |
| Comment |
[ Instead of using login/password, we may use [link Personal Access Token|http://https://github.com/settings/tokens] where we can restrict permission. -> https://developer.github.com/v3/auth/#basic-authentication ] |
Github plugin already uses oauth tokens for authentication.
And can help to fetch such token with required scopes in Jenkins Global configuration UI (by creating token using login+password).
But it can't fetch token by itself if you use 2fa. If u use 2fa, you should create token manually and provide it in the global configuration
| Resolution | New: Won't Fix [ 2 ] | |
| Status | Original: Reopened [ 4 ] | New: Resolved [ 5 ] |
I'd like to add to this issue, as it took me a while to figure out how to auth to github when using an account with 2FA.
1. Make a Personal Token on Github
2. Use that token as the "Secret Text" option when you make credentials on Jenkins
If this isn't a good way, I'd like to hear others chime in.
I have another scenario where this is failing. I have a job that worked up until this morning when our SCM admin forced us to use 2FA. Now, no matter what I try, my pipeline jobs fail in strange ways during 'checkout scm'. I have one job that will fail to checkout submodules (some of which aren't even part of our private repos), and PR jobs will fail because they can't figure out what branch to start with (indicating that scm.* is not being populated properly). I have tried all of the workarounds I can think of, including using the syntax generator and hardcoding the Jenkinsfile script with credentialID. Nothing appears to work.
Update: It appears I have to add 'Checkout over SSH' to force it to use the proper credentials, even though the submodules are defined to use ssh URL and the 'Advanced sub-modules behaviours->Use credentials from default remote of parent repository' is checked. Seems ridiculously redundant and non-intuitive.
Tobin Davis
added a comment - - edited I have another scenario where this is failing. I have a job that worked up until this morning when our SCM admin forced us to use 2FA. Now, no matter what I try, my pipeline jobs fail in strange ways during 'checkout scm'. I have one job that will fail to checkout submodules (some of which aren't even part of our private repos), and PR jobs will fail because they can't figure out what branch to start with (indicating that scm.* is not being populated properly). I have tried all of the workarounds I can think of, including using the syntax generator and hardcoding the Jenkinsfile script with credentialID. Nothing appears to work.
Update: It appears I have to add 'Checkout over SSH' to force it to use the proper credentials, even though the submodules are defined to use ssh URL and the 'Advanced sub-modules behaviours->Use credentials from default remote of parent repository' is checked. Seems ridiculously redundant and non-intuitive.
2FA auth requires pin which can't be retrieved automatically. Nobody use 2FA and store all creds in jenkins, where u can fetch any creds with help of groovy console