Until a few days ago I was deploying my html on Github pages with:
ng deploy --base-href=/documentation/
Today I get this error: "remote: Support for password authentication was removed on August 13, 2021. Please use a personal access token instead.
remote: Please see https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information.
fatal: unable to access 'https://github.com/BioComputingUP/ProSeqViewer-documentation.git/': The requested URL returned error: 403"
I have set a token on my github settings, but I don't understand how to use it to deploy my pages. How should this be done?
I discovered 2 ways:
use the token when the IDE prompt asks for the password. I have tested this end it works.
set keys. (I have not tested this).
Related
I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?
I can ask this question in many ways, like
How to configure Jenkins credentials with Github Personal Access Token
How to clone Github repo in Jenkins using Github Personal Access Token
So this is the problem
The alternate solution that I am aware of
SSH connection
username password configuration in Jenkins. However,
use of a password with the GitHub API is now deprecated.
But My question is how to setup Github connection with Jenkins using Personal Access Token
[UPDATE]
The new solution proposed by git is
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Which says:
Beginning August 13, 2021, we will no longer accept account passwords
when authenticating Git operations and will require the use of
token-based authentication, such as a personal access token (for
developers) or an OAuth or GitHub App installation token (for
integrators) for all authenticated Git operations on GitHub.com. You
may also continue using SSH keys where you prefer.
What you need to do:
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/#what-you-need-to-do-today
Basically, change the add URL as
https://<access token>#github.com/<userName>/<repository>.git
Something like this
https://<access token>#github.com/dupinder/NgnixDockerizedDevEnv.git
and set the credentials to none.
Thanks to #Gil Stal
[OLD Technique]
After many discussion on multiple threads from Stackoverflow
I found one thread that is useful.
Refer to this answer:
https://stackoverflow.com/a/61104603/5108695
Basically
Personal access token can be used as a password, as far as Jenkins is concerned at least. I added new credentials to the credential manager.
Go to Jenkins
Go to credentials > System > Global credentials > Add credentials a page will open.
In Kind drop-down select Username and password.
In User put a non-existing username like jenkins-user or user.
Add Personal Access Token in the password field
Now start configuring your project.
source code management tab, select new configured credentials from Drop-down near credential Under Repository URL
So this is how we can configure or setup Authentication between Jenkins and Github using Personal Access Token
References:
Git Clone in Jenkins with Personal Access Token idles forever
Change jenkins pipeline to use github instead of gitlab
The accepted answer wont work anymore because of this: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations.
You will need to:
Change the URL of the repo to: https://<access token>#github.com/<user-name>/<repo-name>.git (Replace every <...> with the real parameters)
Set the credentials to none.
As of August 2021 the answer posted by Dupinder Singh is accurate. The only thing I would add is that if you are part of a team, the url format appears to be a bit different. This is what worked for me:
https://<access token>#github.com/<team>/<repo>.git
for example
https://ghp_6dh3jdk394jsmbh299jjdg20fh87hd83ksk39#github.com/MyKuleTeam/KuleGuyCode.git
Note that if you use a personal access token you don't need to have any github credentials stored in jenkins.
As for credentials for Jenkins Github Plugin, please be aware only Personal access tokens are now accepted by this plugin.
To generate such a token, follow the Github docs (e.g. here). Don't save it, it can be regenerated in Github and updated in Jenkins if lost or when migrating to a different server.
To add the token do Jenkins credentials store, go to <JENKINS_URL:PORT>/credentials/store/system/domain/_/newCredentials and select Kind "Secret text" (not the default "Username and password"), then paste the token as Secret and choose some ID.
Testing: the credential should appear on the list of Credentials at <JENKINS_URL:PORT>/credentials/ and be selectable from the drop-down list at <JENKINS_URL:PORT>/configure/, where pressing the "Test connection" button should display "Credentials verified for user <GITHUB_USER>".
More info: see the Github plugin docs.
Caveats: Git Plugin has its long-standing issues, so if the newly created "Secret text" does not appear in your pipelines, try if this solution helps (with "the user who triggered the build" considered safer than "SYSTEM"):
client-and-managed-masters/why-credentials-are-not-listed-in-the-git-scm-section
There is (yet another) way to do this as of 2020/04 which is supposed to be superior to personal access tokens. The best part is that you can continue using a username/password-style credential, and the plugin will handle authenticating with GitHub in the background.
Benefits include:
Larger rate limits - The rate limit for a GitHub app scales with your organization size, whereas a user based token has a limit of 5000 regardless of how many repositories you have.
User-independent authentication - Each GitHub app has its own user-independent authentication. No more need for 'bot' users or figuring out who should be the owner of 2FA or OAuth tokens.
Improved security and tighter permissions - GitHub Apps offer much finer-grained permissions compared to a service user and its personal access tokens. This lets the Jenkins GitHub app require a much smaller set of privileges to run properly.
Access to GitHub Checks API - GitHub Apps can access the the GitHub Checks API to create check runs and check suites from Jenkins jobs and provide detailed feedback on commits as well as code annotation
Links:
https://www.jenkins.io/blog/2020/04/16/github-app-authentication/
https://github.com/jenkinsci/github-branch-source-plugin/blob/master/docs/github-app.adoc
A few months ago I created a private npm feed in Azure Artifacts. Authentication with this feed worked fine.
Recently others have started using this feed and authentication is not working for them using the tokens they have generated from Azure Artifacts. When npm installing they get the following error
npm ERR! Unable to authenticate, your authentication token seems to be
invalid. npm ERR! To correct this please trying logging in again with:
npm ERR! npm login
In the npm debug log there is this error
verbose stack Error: Unable to authenticate, need: Bearer, Basic realm="{{redacted url}}", NTLM
It appears that the structure of the authentication token which we put in the global .npmrc file has changed in Azure Artifacts
From:
; Treat this auth token like a password. Do not share it with anyone, including Microsoft support. This token expires on or before 27/02/2020.
; begin auth token
//{{redacted URL}}/_packaging/{{redacted user name}}/npm/registry/:_authToken={{redacted token string}}
//{redacted URL}}/_packaging/{{redacted user name}}/npm/:_authToken={{redacted token string}}
; end auth token
To
; Treat this auth token like a password. Do not share it with anyone, including Microsoft support. This token expires on or before 14/04/2020.
; begin auth token
//{{redacted url}}/npm/registry/:username={{redacted username}}
//{{redacted url}}/npm/registry/:_password={{redacted password}}
//{{redacted url}}/npm/registry/:email=npm requires email to be set but doesn't use the value
//{{redacted url}}/_packaging/{{redacted username}}/npm/:username={{redacted user name}}
//{{redacted url}}/_packaging/{{redacted username}}/npm/:_password={{redacted password}}
//{{redacted url}}/_packaging/{{redacted username}}/npm/:email=npm requires email to be set but doesn't use the value
; end auth token
When the second token is used (or indeed any of the tokens I now generate from Azure Artifacts), we cannot npm install, we get the error shown above. If other people use the same token (in the old format) as I have, this works fine. But this token will expire soon.
I have tried providing an email address instead of the strings "npm requires email to be set but doesn't use the value" but this also did not work.
This may be unrelated but we recently upgraded from tfs version 16.131.28507.4 to Azure Devops Server version Dev17.M153.3.
Does anyone know why the authentication token format has changed? And/Or how I can make the new tokens work with my private feed?
npm version: 6.13.0
node version: 10.12.0
Azure Devops Server version: Dev17.M153.3
After further investigation and a conversation with Microsoft Azure support we determined what was causing the issue for us.
The new format of tokens which have been rolled out for Azure Artifacts no longer work if your instance of TFS (Azure Devops) is hosted on a machine which is running IIS Basic Authentication. This probably then only applies to people hosting their TFS instance themselves on premises.
The only workaround available is to modify this new token and put a TFS user’s username and base 64 encoded password into the token string after the registry/:username= and registry/:_password= strings in the two places that these appear. This is not ideal as you effectively have to store a password in almost plain text on your build server.
But it seems that is now your only choice if you do need IIS Basic Authentication enabled. Disabling this and using a different authentication scheme does fix the token authencation and you can avoid having to do the above.
I'm not sure if this causes your problem - on our azure devops instance, we recently had conditional access enabled, which can disable a lot of the PAT/token based authentication streams without a clear error message - e.g. if you are using the token outside of your normal machine/access route (we were passing a token to a build service that we couldn't use 2FA to authenticate from, and it just stopped working overnight)
I was using this code until yesterday:
$gaemail = 'my email';
$gapassword = 'my password';
$gaprofileid = 'my profile id';
require 'gapi.php';
$ga = new gapi($gaemail,$gapassword);
Today it started giving me the error:
Exception: GAPI: Failed to authenticate user.
Error: "https://developers.google.com/accounts/docs/AuthForInstalledApps " in C:\wamp\www\projects\gapi.php on line 418
Was there any changes recently regarding the authentication process?
See: GAPI: Failed to authenticate user. Permanent fix PHP
GAPI hasn't been worked on since 2009. It also appears to use client
login which was discontinued / shutdown on April 20 2015. You can no
longer use client login with Google Analytics API, you need to switch
to Oauth2 or a service account. So either the author of that project
needs to fix his code, it appears to be an open source project so you
could probably fix it for him.
You have a couple of choices. Looks like the latest version of GAPI now has oauth support - see: https://github.com/erebusnz/gapi-google-analytics-php-interface or use the Google API PHP Client (https://github.com/google/google-api-php-client).
Version 2.0 on GitHub of the GAPI has been released which support OAuth2 authentication. Google has disabled all other forms of authentication.
Note that OAuth2 will require you to create a 'service account' and then download a P12 file to upload to the server. Finally you will need to adjust the developers console, enable 'analytics API'. Finally give this new user 'Read and Analyse' permissions on the Google Analytics accounts you want to access.
We have done a fair amount of work and have come pretty close to getting Jenkins to automatically kick off a build when a push is made into Github. However, Github is logging an error from Jenkins when attempting to post to the Github plugin webhook as follows:
Error 401 Either no such user 'CN=Github Account,OU=Jenkins,OU=Applications,DC=mydomain,DC=com' or incorrect password; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece?]
We have LDAP enabled in our environment to allow for active directory logins. An account called "github" has been created on our domain and authorized as a Jenkins user. We are able to manually login to Jenkins by punching in the username and password for this account and it works as expected. The "github" account has been authorized on the project for READ and BUILD directives on the job.
On Github, the push webhook has the url defined as follows:
http://github:password#jenkins.mydomain.com:8080/github-webhook/
We can confirm that the push event effectively triggers the post to the URL, but the response is a 401 with error details as described above. We know the account is valid and the password is correct, but we are stuck because we cannot understand why Jenkins suggests that it is invalid.
We have used the following link, among many others as a guide:
http://fourkitchens.com/blog/2011/09/20/trigger-jenkins-builds-pushing-github
As far as we can tell, the only difference between our configuration and those of others who have posted about their success on blogs and here on Stackoverflow is our use of LDAP authentication.
Does anyone have any guidance to help us overcome this hurdle? Currently, we can successfully run a build manually, so our communication TO Github FROM Jenkins is tip top. But Github back to Jenkins is a frustrating no-go.
This is now working. Here is what went wrong. When configuring the following string, pay careful attention to both the username and password:
http://github:password#jenkins.mydomain.com:8080/github-webhook/
In our case, the password contained special characters that Jenkins was tripping over. Usernames and passwords with special characters must be URL encoded or the authentication will fail. For example, the following password
!test+pw
must be URL encoded as follows:
%21test%2Bpw