[JIRA] (JENKINS-51092) Two Factor Auth in Github Breaks Authentication for Github Organization

12 views
Skip to first unread message

grayaii@gmail.com (JIRA)

unread,
May 2, 2018, 4:37:03 PM5/2/18
to jenkinsc...@googlegroups.com
Alex Gray created an issue
 
Jenkins / Bug JENKINS-51092
Two Factor Auth in Github Breaks Authentication for Github Organization
Issue Type: Bug Bug
Assignee: Unassigned
Attachments: jenkins.jpg
Components: github-branch-source-plugin
Created: 2018-05-02 20:36
Environment: Jenkins ver. 2.107.2
GitHub Branch Source 2.3.3
Priority: Minor Minor
Reporter: Alex Gray

We are enforcing Two Factor Authentication on all users in our GitHub Organization.

When we enabled it, all of our Jenkins jobs were fine EXCEPT for our "Github Organization" jobs.

It seems this plugin only support username/password creds, not id_rsa or access_tokens, which work fine with Two Factor Authentication.

If you use username/access_token credentials, you get access denied:


Started by user 
[Alex Gray|https://jenkins.clearcare.it/user/alex.gray]
java.io.FileNotFoundException: 
[https://api.github.com/]
	at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243)
	at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210)
	at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25)
	at org.kohsuke.github.Requester.parse(Requester.java:612)
	at org.kohsuke.github.Requester.parse(Requester.java:594)
	at org.kohsuke.github.Requester._to(Requester.java:272)
Caused: org.kohsuke.github.GHFileNotFoundException: \{"message":"Must specify two-factor authentication OTP code.","documentation_url":"
[https://developer.github.com/v3/auth#working-with-two-factor-authentication]
"}
	at org.kohsuke.github.Requester.handleApiError(Requester.java:686)
	at org.kohsuke.github.Requester._to(Requester.java:293)
	at org.kohsuke.github.Requester.to(Requester.java:234)
	at org.kohsuke.github.GitHub.checkApiUrlValidity(GitHub.java:703)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.checkApiUrlValidity(GitHubSCMSource.java:1348)
	at org.jenkinsci.plugins.github_branch_source.GitHubSCMSource.retrieve(GitHubSCMSource.java:1401)
	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:564)
	at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:95)
	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:295)
	at hudson.model.ResourceController.execute(ResourceController.java:97)
	at hudson.model.Executor.run(Executor.java:429)
Finished: FAILURE

Even the help text says it only supports username/password combos (image attached).

The top of my config.xml file for this project is this:
<jenkins.branch.OrganizationFolder plugin="branc...@2.0.19">

It looks like this has been fixed in other places, but not this plugin:
https://issues.jenkins-ci.org/browse/JENKINS-39477
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)
Atlassian logo

jelian@gmail.com (JIRA)

unread,
Feb 5, 2019, 5:35:03 AM2/5/19
to jenkinsc...@googlegroups.com
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

bitwiseman@gmail.com (JIRA)

unread,
Apr 26, 2019, 2:00:02 PM4/26/19
to jenkinsc...@googlegroups.com

You can still use two-factor auth login without using the access_token credential type.
As a workaround, you use username/password credential type and set the password to the access_key value instead of a password. NOTE: This is the same thing github documentation says to do when accessing github from the command-line with 2FA turned on.

shaharf@gmail.com (JIRA)

unread,
Jan 27, 2020, 7:35:03 AM1/27/20
to jenkinsc...@googlegroups.com

hi Alex Gray - just checked and Liam Newman solution works great!

and btw, Liam Newman maybe this issue can be closed?
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

kusum.sam@gmail.com (JIRA)

unread,
Mar 30, 2020, 11:57:04 AM3/30/20
to jenkinsc...@googlegroups.com
kusuma t commented on Bug JENKINS-51092

Hi,

From Jenkins when we use HTTPS to connect to GitHub using Username/Password option is failing.

And from the Github documentation it is mentioned that 

Authenticating on the command line using HTTPS

After you've enabled 2FA, you must create a personal access token to use as a password when authenticating to GitHub on the command line using HTTPS URLs.

When prompted for a username and password on the command line, use your GitHub username and personal access token. The command line prompt won't specify that you should enter your personal access token when it asks for your password.

 

Can you point to exact document if we can access HTTPS/SSH using 2FA without Personal access token

 

Thanks,

Kusuma
This message was sent by Atlassian Jira (v7.13.12#713012-sha1:6e07c38)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages