search

condemil / gist

Sublime Text plugin for creating new Gists from selected text
MIT License
726 stars 137 forks source link

Token code returns 401 #168

Closed moltar closed 7 years ago

moltar commented 8 years ago

The example code for generating a token for GitHub returns 401.

rudiedirkx commented 8 years ago

Which method are you trying? The curl method worked for me. (I skipped -v though.)

curl -u USERNAME -X POST https://api.github.com/authorizations --data "{\"scopes\":[\"gist\"], \"note\": \"SublimeText 2/3 Gist plugin\"}"

It returns this if your username/password is wrong:

{
  "message": "Bad credentials",
  "documentation_url": "https://developer.github.com/v3"
}
moltar commented 8 years ago

I'm copy-pasting the password from the password manager, so I'm 99.9% positive it is correct.

curl -v -u moltar -X POST https://api.github.com/authorizations --data "{\"scopes\":[\"gist\"], \"note\": \"SublimeText 2/3 Gist plugin\"}"
Enter host password for user 'moltar':
*   Trying 192.30.252.126...
* Connected to api.github.com (192.30.252.126) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.github.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
* Server auth using Basic with user 'moltar'
> POST /authorizations HTTP/1.1
> Host: api.github.com
> Authorization: Basic REDACTED
> User-Agent: curl/7.43.0
> Accept: */*
> Content-Length: 58
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 58 out of 58 bytes
< HTTP/1.1 401 Unauthorized
< Server: GitHub.com
< Date: Mon, 19 Oct 2015 15:00:58 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 170
< Status: 401 Unauthorized
< X-GitHub-OTP: required; app
< X-GitHub-Media-Type: github.v3
< X-RateLimit-Limit: 60
< X-RateLimit-Remaining: 58
< X-RateLimit-Reset: 1445270452
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: deny
< Content-Security-Policy: default-src 'none'
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< X-GitHub-Request-Id: 607FEECC:65C6:387F654:562505AA
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Content-Type-Options: nosniff
* The requested URL returned error: 401
* Closing connection 0
curl: (22) The requested URL returned error: 401
rudiedirkx commented 8 years ago

That's weird. There's no response body? 401 usually means wrong password. Mine says this for wrong password:

* upload completely sent off: 58 out of 58 bytes
< HTTP/1.1 401 Unauthorized
* Server GitHub.com is not blacklisted
< Server: GitHub.com
< Date: Mon, 19 Oct 2015 17:21:26 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 93
< Status: 401 Unauthorized
< X-GitHub-Media-Type: github.v3
< X-RateLimit-Limit: 60
< X-RateLimit-Remaining: 58
< X-RateLimit-Reset: 1445278878
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: deny
< Content-Security-Policy: default-src 'none'
< Access-Control-Allow-Credentials: true
< Access-Control-Expose-Headers: ETag, Link, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval
< Access-Control-Allow-Origin: *
< X-GitHub-Request-Id: D57FE79B:161CA:CF450DD:56252696
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Content-Type-Options: nosniff
<
{
  "message": "Bad credentials",
  "documentation_url": "https://developer.github.com/v3"
}
* Connection #0 to host api.github.com left intact

So it's almost the same, but not quite... Dunno why. Same command works for me. Special kind of user/organization?

moltar commented 8 years ago

That's weird. There's no response body? 401 usually means wrong password.

I pasted as is, just redacted the digest.

So it's almost the same, but not quite... Dunno why. Same command works for me. Special kind of user/organization?

Nope, just a normal user, no org.

sebastienbarre commented 8 years ago

Could it be related to two-factor auth?

{
  "message": "Must specify two-factor authentication OTP code.",
  "documentation_url": "https://developer.github.com/v3/auth#working-with-two-factor-authentication"
}
moltar commented 8 years ago

Ah, yes, could be. I have 2 factor enabled.

condemil commented 7 years ago

Readme file now have the information how to generate token with enabled one time password.