Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-75889

GitHub app authentication fails when app is installed at both enterprise and org level

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • github-branch-source-plugin
    • None

      When using a GitHub App that is installed on both an enterprise AND an organisation, the authentication fails with:

      09:22:44  hudson.remoting.ProxyException: com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `org.kohsuke.github.GHTargetType` from String "Enterprise": not one of the values accepted for Enum class: [ORGANIZATION, USER]
09:22:44   at [Source: REDACTED (`StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION` disabled); line: 1, column: 789] (through reference chain: java.lang.Object[][0]->org.kohsuke.github.GHAppInstallation["target_type"])
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.exc.InvalidFormatException.from(InvalidFormatException.java:67)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.DeserializationContext.weirdStringException(DeserializationContext.java:1986)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.DeserializationContext.handleWeirdStringValue(DeserializationContext.java:1272)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.std.EnumDeserializer._deserializeAltString(EnumDeserializer.java:446)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.std.EnumDeserializer._fromString(EnumDeserializer.java:303)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.std.EnumDeserializer.deserialize(EnumDeserializer.java:272)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.impl.FieldProperty.deserializeAndSet(FieldProperty.java:137)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.BeanDeserializer.deserializeFromObject(BeanDeserializer.java:392)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:177)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.std.ObjectArrayDeserializer.deserialize(ObjectArrayDeserializer.java:217)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.deser.DefaultDeserializationContext.readRootValue(DefaultDeserializationContext.java:342)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectReader._bindAndClose(ObjectReader.java:2130)
09:22:44  	at PluginClassLoader for jackson2-api//com.fasterxml.jackson.databind.ObjectReader.readValue(ObjectReader.java:1565)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubResponse.parseBody(GitHubResponse.java:104)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubPageIterator.lambda$fetch$0(GitHubPageIterator.java:147)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.createResponse(GitHubClient.java:679)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:466)
09:22:44  Caused: hudson.remoting.ProxyException: org.kohsuke.github.HttpException: Server returned HTTP response code: 200, message: 'null' for URL: https://api.github.com/app/installations
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.interpretApiError(GitHubClient.java:743)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubClient.sendRequest(GitHubClient.java:480)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubPageIterator.fetch(GitHubPageIterator.java:146)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.GitHubPageIterator.hasNext(GitHubPageIterator.java:93)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterator.fetch(PagedIterator.java:116)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterator.nextPageArray(PagedIterator.java:144)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterable.toArray(PagedIterable.java:79)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterable.toArray(PagedIterable.java:107)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterable.toList(PagedIterable.java:119)
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterable.asList(PagedIterable.java:144)
09:22:44  Also:   hudson.remoting.ProxyException: org.jenkinsci.plugins.workflow.actions.ErrorAction$ErrorId: a7cab8f2-e679-4040-b830-b0b0cffeedfd
09:22:44  Caused: hudson.remoting.ProxyException: org.kohsuke.github.GHException: Failed to retrieve list: Server returned HTTP response code: 200, message: 'null' for URL: https://api.github.com/app/installations
09:22:44  	at PluginClassLoader for github-api//org.kohsuke.github.PagedIterable.asList(PagedIterable.java:146)
09:22:44  	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.generateAppInstallationToken(GitHubAppCredentials.java:222)
09:22:44  	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getToken(GitHubAppCredentials.java:294)
09:22:44  	at PluginClassLoader for github-branch-source//org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials.getPassword(GitHubAppCredentials.java:323)
09:22:44  	at PluginClassLoader for credentials-binding//org.jenkinsci.plugins.credentialsbinding.impl.UsernamePasswordMultiBinding.bind(UsernamePasswordMultiBinding.java:77)
09:22:44  	at PluginClassLoader for credentials-binding//org.jenkinsci.plugins.credentialsbinding.impl.BindingStep$Execution2.doStart(BindingStep.java:133)
09:22:44  	at PluginClassLoader for workflow-step-api//org.jenkinsci.plugins.workflow.steps.GeneralNonBlockingStepExecution.lambda$run$0(GeneralNonBlockingStepExecution.java:77)
09:22:44  	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
09:22:44  	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
09:22:44  	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
09:22:44  	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
09:22:44  	at java.base/java.lang.Thread.run(Unknown Source)
09:22:45  Finished: FAILURE

      This happens even when the "Owner" field is set to the organisation name within the Jenkins credential. Interestingly, we don't see this error when testing the connection on the credential page. Only when running a pipeline job that uses the credential.

      If we set the "Owner" field on the credential, we'd expect this organisation to be used when consuming the credential in a pipeline job. However, it appears this field is ignored within the pipeline job but is used when testing the credential? 

      Steps to reproduce:

      1. Create a GitHub app and install it on BOTH an enterprise and organisation
      2. Configure the GitHub app credential in Jenkins as follows. The "Owner" field should be set to the name of the GitHub organisation the app is installed on

      3. Hit "Test Connection" and the test is successful

      4. Try to use the credential in a pipeline job and you'll get the error message mentioned above

       

        1. image-2025-07-16-09-34-20-880.png
          image-2025-07-16-09-34-20-880.png
          53 kB

            Unassigned Unassigned
            brandon Brandon Sloan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: