[JIRA] (JENKINS-49485) jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

[jperez@veritone.com (JIRA)]

Jesse Perez created an issue

Jenkins / JENKINS-49485 jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} Issue Type: Bug Assignee: Sam Gleske Components: github-oauth-plugin Created: 2018-02-10 01:05 Labels: jenkins Priority: Critical Reporter: Jesse Perez I have been trying to get github authentication plugin working but keep getting following java dump... java.io.FileNotFoundException: https://api.github.com/user at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243) at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25) at org.kohsuke.github.Requester.parse(Requester.java:612) at org.kohsuke.github.Requester.parse(Requester.java:594) at org.kohsuke.github.Requester._to(Requester.java:272) Caused: org.kohsuke.github.GHFileNotFoundException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} at org.kohsuke.github.Requester.handleApiError(Requester.java:686) at org.kohsuke.github.Requester._to(Requester.java:293) at org.kohsuke.github.Requester.to(Requester.java:234) at org.kohsuke.github.GitHub.getMyself(GitHub.java:384) at org.kohsuke.github.GitHub.<init>(GitHub.java:158) at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:207) at org.jenkinsci.plugins.GithubAuthenticationToken.getGitHub(GithubAuthenticationToken.java:211) at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:126) at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:478) Caused: java.lang.RuntimeException at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:482) at jenkins.security.BasicHeaderRealPasswordAuthenticator.authenticate(BasicHeaderRealPasswordAuthenticator.java:56) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:79) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)   Here is what I'm doing..... Within "Configure Global Security" Select `Github Authentication Plugin` GitHub Web URI: https://github.com GitHub API URI: https://api.github.com Client ID: xxxxx Secret: xxxxx OAuth Scope(s): write:org,user:email Select `GitHub Committer Authorization Strategy` Admin User Names: <list-of-user-id>  Participant in Organization: veritone Use GitHub repository permissions: checked Grant READ permissions for /github-webhook: checked Grant READ permissions for .*/cc.xml: checked   One way to see if from jenkins server itself I could make same github REST call is.... curl 'https://api.github.com/users/jpveritone?client_id=xxxxxxxx&client_secret=yyyyyyyy' and this works. Add Comment

This message was sent by Atlassian JIRA (v7.3.0#73011-sha1:3c73d0e)

[jperez@veritone.com (JIRA)]

Jesse Perez updated an issue

Jenkins / JENKINS-49485 jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Jesse Perez

I have been trying to get github authentication plugin working but keep getting following java dump... java.io.FileNotFoundException: [ https://api.github.com/user ]

at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243) at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25) at org.kohsuke.github.Requester.parse(Requester.java:612) at org.kohsuke.github.Requester.parse(Requester.java:594) at org.kohsuke.github.Requester._to(Requester.java:272) Caused: org.kohsuke.github.GHFileNotFoundException: \{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} at org.kohsuke.github.Requester.handleApiError(Requester.java:686) at org.kohsuke.github.Requester._to(Requester.java:293) at org.kohsuke.github.Requester.to(Requester.java:234) at org.kohsuke.github.GitHub.getMyself(GitHub.java:384) at org.kohsuke.github.GitHub.<init>(GitHub.java:158) at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:207) at org.jenkinsci.plugins.GithubAuthenticationToken.getGitHub(GithubAuthenticationToken.java:211) at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:126) at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:478) Caused: java.lang.RuntimeException at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:482) at jenkins.security.BasicHeaderRealPasswordAuthenticator.authenticate(BasicHeaderRealPasswordAuthenticator.java:56) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:79) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:90) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:82) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:564) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:317) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:110) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.Invocable.invokePreferred(Invocable.java:128) at org.eclipse.jetty.util.thread.Invocable$InvocableExecutor.invoke(Invocable.java:222) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:294) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:199) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)

Here is what I'm doing..... Within "Configure Global Security" Select `Github Authentication Plugin`

GitHub Web URI: [ https://github.com |https://github.com/] GitHub API URI: [ https://api.github.com |https://api.github.com/]

Client ID: xxxxx Secret: xxxxx OAuth Scope(s): write:org,user:email Select `GitHub Committer Authorization Strategy` Admin User Names: <list-of-user-id>  Participant in Organization: veritone Use GitHub repository permissions: checked Grant READ permissions for /github-webhook: checked Grant READ permissions for .*/cc.xml: checked   One way to see if from jenkins server itself I could make same github REST call is....

curl '[https://api.github.com/users/jpveritone?client_id=xxxxxxxx&client_secret=yyyyyyyy'|https://api.github.com/users/jpveritone?client_id=xxxxxxxx&client_secret=yyyyyyyy%27]  .   and this works.   I am running jenkins version 2.89.2 with github-oauth plugin 0.28.1

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske resolved as Cannot Reproduce

I provisioned Jenkins 2.89.2 with github-oauth 0.28.1. Configured the global security to use my GitHub OAuth app. Configured scopes: read:org, user:email, repo I logged in just fine.  You likely have your GitHub scopes incorrectly configured.  That's the most common misconfiguration. See also: https://developer.github.com/apps/building-oauth-apps/scopes-for-oauth-apps/

Jenkins / JENKINS-49485 jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Sam Gleske Status: Open Resolved Resolution: Cannot Reproduce

Add Comment

[jperez@veritone.com (JIRA)]

Jesse Perez reopened an issue

I changed "OAuth Scope(s)" to "read:org, user:email, repo" as you suggested and getting same java dump...   java.io.FileNotFoundException: https://api.github.com/user at com.squareup.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:243) at com.squareup.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) at com.squareup.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:25) at org.kohsuke.github.Requester.parse(Requester.java:612) at org.kohsuke.github.Requester.parse(Requester.java:594) at org.kohsuke.github.Requester._to(Requester.java:272) Caused: org.kohsuke.github.GHFileNotFoundException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} at org.kohsuke.github.Requester.handleApiError(Requester.java:686) at org.kohsuke.github.Requester._to(Requester.java:293) at org.kohsuke.github.Requester.to(Requester.java:234) at org.kohsuke.github.GitHub.getMyself(GitHub.java:384) at org.kohsuke.github.GitHub.<init>(GitHub.java:158) at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:207) at org.jenkinsci.plugins.GithubAuthenticationToken.getGitHub(GithubAuthenticationToken.java:211) at org.jenkinsci.plugins.GithubAuthenticationToken.<init>(GithubAuthenticationToken.java:126) at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:478) Caused: java.lang.RuntimeException at org.jenkinsci.plugins.GithubSecurityRealm$1.authenticate(GithubSecurityRealm.java:482)   Is there any other logs or places we can look for more clues? Thanks, Jesse

Jenkins / JENKINS-49485 jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Jesse Perez Resolution: Cannot Reproduce Status: Resolved Reopened

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} How are you running your master?  Is it possible there's a network issue blocking GitHub from your master?  e.g. hosts file, misconfigured proxy, firewall, etc. I've tested this plugin successfully running Jenkins in a docker container, my laptop, and a VM.  I'm not able to reproduce your issue.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Actually, GitHub API responded so likely not a network connectivity issue:

{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Add Comment

[a.meindl@alphanodes.com (JIRA)]

Alexander Meindl assigned an issue to Alexander Meindl

Jenkins / JENKINS-49485

jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Alexander Meindl Assignee: Sam Gleske Alexander Meindl

Add Comment

[a.meindl@alphanodes.com (JIRA)]

Alexander Meindl assigned an issue to Sam Gleske

Jenkins / JENKINS-49485 jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Alexander Meindl Assignee: Alexander Meindl Sam Gleske

Add Comment

[jperez@veritone.com (JIRA)]

Jesse Perez commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} yes, and noticed from jenkins server if I try `curl 'https://api.github.com/?client_id=xxxxxxxx&client_secret=yyyyyyyy' it works so confirming I can communicate using the given client ID and secret.  I really would appreciate some help resolving this. I cannot go the route of using SSH keys because I have dozens of repos in my guthub org and managing all the different SSH keys (one per repo) is not practical.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Your curl command is not a valid test. That's not how credentials work in GitHub. I'm still not able to reproduce this. I think it's a bug in your setup and not in this plugin.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Are you using GitHub Enterprise?

Add Comment

[jperez@veritone.com (JIRA)]

Jesse Perez commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

I am not using GitHub Enterprise.

Add Comment

[jeremystuartmarshall@gmail.com (JIRA)]

Jeremy Marshall commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

I'm also having problem with GHE and declarative pipelines     It seems ordinary users are not able to read credentials, even ones they created

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

For now, I recommend using project matrix authorization and generating jobs via something like Job DSL plugin with authorizations. At this time, GitHub authorization strategy leaves a lot to be desired.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske edited a comment on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

For now, I recommend using project matrix authorization and generating jobs via something like Job DSL plugin with authorizations.  At this time, GitHub authorization strategy leaves a lot to be desired.   In general, errors resulting for the GitHub API are usually related to improperly scoped tokens.  It needs repo, org:read, and user:email.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske edited a comment on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

For now, I recommend using project matrix authorization and generating jobs via something like Job DSL plugin with authorizations.  At this time, GitHub authorization strategy leaves a lot to be desired.  In general, errors resulting for the GitHub API are usually related to improperly scoped tokens.  It needs repo, org:read, and user:email.

I use this plugin daily (with brand new provisions) and do not encounter these errors.

Add Comment

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske closed an issue as Cannot Reproduce

Can't reproduce, this isn't an issue in the plugin. Looking at the comments it's possible the JENKINS_HOME credentials were corrupted by the admin some how. Since this is so old I doubt their Jenkins instance still has these problems.

Jenkins / JENKINS-49485

jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

Change By: Sam Gleske Status: Reopened Closed Resolution: Cannot Reproduce

Add Comment

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

[sam.mxracer@gmail.com (JIRA)]

Sam Gleske commented on JENKINS-49485

Re: jenkin crashes with {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"} The github authorization feature of the github-oauth plugin needs a complete rewrite. The rewrite is tracked in JENKINS-27844.

Add Comment