Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-49485

jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I have been trying to get github authentication plugin working but keep getting following java dump...

      java.io.FileNotFoundException: https://api.github.com/user at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243) at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25) at org.kohsuke.github.Requester.parse(Requester.java:612) at org.kohsuke.github.Requester.parse(Requester.java:594) at org.kohsuke.github.Requester._to(Requester.java:272) Caused: org.kohsuke.github.GHFileNotFoundException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} at org.kohsuke.github.Requester.handleApiError(Requester.java:686) at org.kohsuke.github.Requester._to(Requester.java:293) at org.kohsuke.github.Requester.to(Requester.java:234) at org.kohsuke.github.GitHub.getMyself(GitHub.java:384) at org.kohsuke.github.GitHub.<init>(GitHub.java:158) at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:207) at org.jenkinsci.plugins.GithubAuthenticationToken.getGitHub(GithubAuthenticationToken.java:211) at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:126) at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:478) Caused: java.lang.RuntimeException at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:482) at jenkins.security.BasicHeaderRealPasswordAuthenticator.authenticate(BasicHeaderRealPasswordAuthenticator.java:56) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:79) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

       

      Here is what I'm doing.....

      Within "Configure Global Security"
      Select `Github Authentication Plugin`
      GitHub Web URI: https://github.com
      GitHub API URI: https://api.github.com
      Client ID: xxxxx
      Secret: xxxxx
      OAuth Scope(s): write:org,user:email

      Select `GitHub Committer Authorization Strategy`
      Admin User Names: <list-of-user-id> 
      Participant in Organization: veritone
      Use GitHub repository permissions: checked
      Grant READ permissions for /github-webhook: checked
      Grant READ permissions for .*/cc.xml: checked

       

      One way to see if from jenkins server itself I could make same github REST call is....
      curl 'https://api.github.com/users/jpveritone?client_id=xxxxxxxx&client_secret=yyyyyyyy' .  and this works.

       

      I am running jenkins version 2.89.2 with github-oauth plugin 0.28.1

        Attachments

          Activity

          Hide
          perezje Jesse Perez added a comment -

          I am not using GitHub Enterprise.

          Show
          perezje Jesse Perez added a comment - I am not using GitHub Enterprise.
          Hide
          jeremym Jeremy Marshall added a comment -

          I'm also having problem with GHE and declarative pipelines

           

           

          It seems ordinary users are not able to read credentials, even ones they created

          Show
          jeremym Jeremy Marshall added a comment - I'm also having problem with GHE and declarative pipelines     It seems ordinary users are not able to read credentials, even ones they created
          Hide
          sag47 Sam Gleske added a comment - - edited

          For now, I recommend using project matrix authorization and generating jobs via something like Job DSL plugin with authorizations. At this time, GitHub authorization strategy leaves a lot to be desired. In general, errors resulting for the GitHub API are usually related to improperly scoped tokens. It needs repo, org:read, and user:email.

          I use this plugin daily (with brand new provisions) and do not encounter these errors.

          Show
          sag47 Sam Gleske added a comment - - edited For now, I recommend using project matrix authorization and generating jobs via something like Job DSL plugin with authorizations. At this time, GitHub authorization strategy leaves a lot to be desired. In general, errors resulting for the GitHub API are usually related to improperly scoped tokens. It needs repo, org:read, and user:email. I use this plugin daily (with brand new provisions) and do not encounter these errors.
          Hide
          sag47 Sam Gleske added a comment -

          Can't reproduce, this isn't an issue in the plugin. Looking at the comments it's possible the JENKINS_HOME credentials were corrupted by the admin some how. Since this is so old I doubt their Jenkins instance still has these problems.

          Show
          sag47 Sam Gleske added a comment - Can't reproduce, this isn't an issue in the plugin. Looking at the comments it's possible the JENKINS_HOME credentials were corrupted by the admin some how. Since this is so old I doubt their Jenkins instance still has these problems.
          Hide
          sag47 Sam Gleske added a comment -

          The github authorization feature of the github-oauth plugin needs a complete rewrite. The rewrite is tracked in JENKINS-27844.

          Show
          sag47 Sam Gleske added a comment - The github authorization feature of the github-oauth plugin needs a complete rewrite. The rewrite is tracked in JENKINS-27844 .

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            perezje Jesse Perez
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: