CircleCI-Public / jira-connect-orb

Display the status of CircleCI workflows and deployments in Jira!
https://circleci.com/orbs/registry/orb/circleci/jira
MIT License

Project tokens fail with 401 "You must log in first" #39

Closed mkly closed 4 years ago

mkly commented 4 years ago

Orb version

1.1.4

What happened

verify_api_key

https://github.com/CircleCI-Public/jira-connect-orb/blob/b20a84ff0de4852b46d7c1fa6745b1891d9558ea/src/commands/notify.yml#L60

This causes project tokens to fail with a 401 "You must log in first"

Expected behavior

Either verify the token in a way that is compatible with project tokens or remove the check

mauriciojovel commented 4 years ago

You need to use a personal API token

https://circleci.com/account/api

Change it and let me know if it works for you.

Best.

KyleTryon commented 4 years ago

@mkly Could you please update to 1.1.6 and ensure the personal token is set? We have just pushed a patch that should ensure that you are signed in.

cskinfill commented 4 years ago

With the update referenced in this ticket, is it a project token or personal token needed to use the jira orb? I'd prefer to use a project token, so it's not associated with my account, in case I'm no longer associated with the org in GitHub.

KyleTryon commented 4 years ago

Hello all,

I suspect the last patch, 1.1.6, may not in fact work. I realize now we are doubling up on the token; it was already included via a special "fetch" function. So I suspect it might have actually been working previously.

Could anyone confirm they can curl the https://circleci.com/api/v2/me endpoint manually with their token successfully and then still saw the issue (prior to the new patch)?

@cskinfill This is the same token as required previously. Actually, my mistake: it was already being attached to that endpoint and I had missed that. We will remove this in the next patch as we figure this out.

The API key is used to authenticate with an endpoint that speaks with Atlassian. Project level tokens are for Read-Access only and cannot be used for this task. It is suggested for some to set up a "machine" user for write-level tokens that aren't tied to a specific user.

If anyone else can confirm they are unable to connect to the endpoint via curl, then it may be the wrong token was used or has expired. If that is the case we may just undo the change.

mkly commented 4 years ago

@KyleTryon My apologies, the issue was that apparently this was working with a project token before, but now it requires a personal token.

KyleTryon commented 4 years ago

@mkly No apologies necessary! There may have been a change to the endpoint the orb uses; I will investigate that.

We will undo the change from #42 in the next patch which is currently duplicating the key.

cskinfill commented 4 years ago

@KyleTryon @mkly circling back on this ... so where does this stand? Do we need a personal token now? Or going back to using a project token (per https://github.com/CircleCI-Public/jira-connect-orb/issues/39#issuecomment-611821677) ?

devintjones commented 4 years ago

Hi there, I'm still seeing this issue with a personal token: https://circleci.com/api/v2/me?circle-token=<personal token> responds with: { "message" : "You must log in first." }

However I am able to get a successful response from the v1 endpoint

Also, would like to note that the v2 docs don't seem to mention a v2/me resource.

I'm downgrading to @1.1.3 in the meantime

nicowenterodt commented 1 year ago

Any news on that? We also have problems using a personal token, leading to 401 "You must log in first" errors.