Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63565

Receive HTTP 403 error authenticating with Github personal token

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: github-oauth-plugin
    • Labels:
      None
    • Environment:
      Jenkins: 2.254
      github-oauth: 0.33
      Github Enterprise: 2.21.3
    • Similar Issues:

      Description

      I have both the Github oauth plugin enabled for authentication and Github committer authorization strategy enabled. Within the authorization block I have disabled "Grant READ permissions for anonymous users".

      Any attempt to retrieve artifacts from completed build jobs, while using personal access tokens generated on our Github Enterprise server results in "Error 403 forbidden" errors.

        Attachments

          Activity

          Hide
          eslam Eslam ElHusseiny added a comment -

          Lyndon Washington I had the same issue with the error message of "HTTP ERROR 403 No valid crumb was included in the request". After digging into it I figured out that starting from Jenkins v*2.176.2*  you need to issue a crumb and use the issues crumb plus the session cookies of the crumbIssuer request with the subsequent API calls. This guide explains it in a bit more details https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained

          Show
          eslam Eslam ElHusseiny added a comment - Lyndon Washington I had the same issue with the error message of " HTTP ERROR 403 No valid crumb was included in the request ". After digging into it I figured out that starting from Jenkins v*2.176.2*  you need to issue a crumb and use the issues crumb plus the session cookies of the crumbIssuer request with the subsequent API calls. This guide explains it in a bit more details  https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
          Hide
          sag47 Sam Gleske added a comment - - edited

          Agreed  Eslam ElHusseiny, this doesn't have anything to do with github-oauth plugin.  If you like, feel free to refer to a patch to my personal  scripts which clearly shows a migration of code to the new way Jenkins authenticates using crumbs plus the GitHub token.

          https://github.com/samrocketman/home/commit/ad80c8d1e77ac2fd7770e1690752ca21b067ca44#diff-6def509e6278818bd3efcfab66c48d6398e08292f357df025481ed07311bdb41

          Show
          sag47 Sam Gleske added a comment - - edited Agreed  Eslam ElHusseiny , this doesn't have anything to do with github-oauth plugin.  If you like, feel free to refer to a patch to my personal  scripts which clearly shows a migration of code to the new way Jenkins authenticates using crumbs plus the GitHub token. https://github.com/samrocketman/home/commit/ad80c8d1e77ac2fd7770e1690752ca21b067ca44#diff-6def509e6278818bd3efcfab66c48d6398e08292f357df025481ed07311bdb41

            People

            Assignee:
            sag47 Sam Gleske
            Reporter:
            hoshposh66 Lyndon Washington
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: