Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-63565

Receive HTTP 403 error authenticating with Github personal token

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • github-oauth-plugin
    • None
    • Jenkins: 2.254
      github-oauth: 0.33
      Github Enterprise: 2.21.3

      I have both the Github oauth plugin enabled for authentication and Github committer authorization strategy enabled. Within the authorization block I have disabled "Grant READ permissions for anonymous users".

      Any attempt to retrieve artifacts from completed build jobs, while using personal access tokens generated on our Github Enterprise server results in "Error 403 forbidden" errors.

          [JENKINS-63565] Receive HTTP 403 error authenticating with Github personal token

          hoshposh66 I had the same issue with the error message of "HTTP ERROR 403 No valid crumb was included in the request". After digging into it I figured out that starting from Jenkins v*2.176.2*  you need to issue a crumb and use the issues crumb plus the session cookies of the crumbIssuer request with the subsequent API calls. This guide explains it in a bit more details https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained

          Eslam ElHusseiny added a comment - hoshposh66 I had the same issue with the error message of " HTTP ERROR 403 No valid crumb was included in the request ". After digging into it I figured out that starting from Jenkins v*2.176.2*  you need to issue a crumb and use the issues crumb plus the session cookies of the crumbIssuer request with the subsequent API calls. This guide explains it in a bit more details  https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained

          Sam Gleske added a comment - - edited

          Agreed  eslam, this doesn't have anything to do with github-oauth plugin.  If you like, feel free to refer to a patch to my personal  scripts which clearly shows a migration of code to the new way Jenkins authenticates using crumbs plus the GitHub token.

          https://github.com/samrocketman/home/commit/ad80c8d1e77ac2fd7770e1690752ca21b067ca44#diff-6def509e6278818bd3efcfab66c48d6398e08292f357df025481ed07311bdb41

          Sam Gleske added a comment - - edited Agreed  eslam , this doesn't have anything to do with github-oauth plugin.  If you like, feel free to refer to a patch to my personal  scripts which clearly shows a migration of code to the new way Jenkins authenticates using crumbs plus the GitHub token. https://github.com/samrocketman/home/commit/ad80c8d1e77ac2fd7770e1690752ca21b067ca44#diff-6def509e6278818bd3efcfab66c48d6398e08292f357df025481ed07311bdb41

            sag47 Sam Gleske
            hoshposh66 Lyndon Washington
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: