failure to login to GitHub

[varioustoxins]

I seem to be no longer able to login to GitHub either using tokens or login

have installed and uninstalled and refreshed tokens

tokens have these permissions

gist, read:org, read:user, repo, user:email, workflow

Plugin version: 2024.2.1 [seems to occur after latest update] IDE: PyCharm OS: macOS Sonoma

Upvote & Fund

• We're using Polar.sh so you can upvote and help fund this issue.
• We receive the funding once the issue is completed & confirmed by you.
• Thank you in advance for helping prioritize & fund our backlog.

[dmitri-danilov]

Having the same issue (and the same setup!) - was just going to report it and discovered I'm not the only one. One interesting observation - other (worse) plugins with similar functionality still work.

[cunla]

Thanks for reporting. I'll address it this weekend

[cunla]

which version of pycharm are you using?

[varioustoxins]

2024.1 BUILD #PY-241.14494.241 professional

Dr Gary S Thompson NMR Facility Manager CCPN CoI & Working Group Member Wellcome Trust Biomolecular NMR Facility School of Biosciences, Division of Natural Sciences University of Kent, Canterbury, Kent, England, CT2 7NZ

☎:01227 82 7117 ✉️: @.*** orchid: orcid.org/0000-0001-9399-7636

On 12 Jun 2024, at 15:37, Daniel M @.***> wrote:

CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

which version of pycharm are you using?

— Reply to this email directly, view it on GitHubhttps://github.com/dsoftwareinc/ghactions-manager/issues/164#issuecomment-2163182575, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA3UD6I6K5OFIEBCRHKYJTLZHBMJHAVCNFSM6AAAAABJF2BWKKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRTGE4DENJXGU. You are receiving this because you authored the thread.Message ID: @.***>

[cunla]

• If you checkout any open-source open repository, can you see its workflows?
• Can you provide the relevant logs of pycharm? (Help -> sHOW logs -> all lines with com.dsoftware...
• Can you access the other repositories you have defined? (I see in the snapshot you have 4 repositories)
• If you use github settings -> can you remove the account and re-login and check?

I suspect that the organization hosting these repositories is preventing using GitHub REST API and that's why you are getting this message, though I need further information to be 100% sure.

If that is the case, you need to approach your GitHub org admin to enable using REST API.

[vladimir-ilnytskyi]

Have same issue with GH Actions manager 2024.2.1 on rider on arm64 mac : Build #RD-241.15989.179, built on May 6, 2024.

I can access git with added GH user in rider, but GH actions ask for auth.

[cunla]

If you generate a custom token with access to REST API and configure it instead of using GitHub settings, does it work?

[dmitri-danilov]

Same error, irrespectively of whether GitHub settings or GitHub token is used in config. Token verified with Postman and GitHub /repos/{org}/{repo}/actions/runs endpoint - expected results returned. Logs from PyCharm:

2024-06-13 23:58:22,225 [29409189] INFO - #com.dsoftware.ghmanager.data.WorkflowRunListLoader - Updating collaborators list: https://api.github.com/repos/handwai-org/handwai-web/collaborators?page=1&per_page=100 2024-06-13 23:58:22,225 [29409189] INFO - #com.dsoftware.ghmanager.data.WorkflowRunListLoader - Updating workflow types: https://api.github.com/repos/handwai-org/handwai-web/actions/workflows?page=1&per_page=100 2024-06-13 23:58:22,225 [29409189] INFO - #com.dsoftware.ghmanager.data.WorkflowRunListLoader - Calling https://api.github.com/repos/handwai-org/handwai-web/actions/runs?page=1&per_page=30 2024-06-13 23:58:22,225 [29409189] INFO - #com.dsoftware.ghmanager.data.WorkflowRunListLoader - Updating branches list: https://api.github.com/repos/handwai-org/handwai-web/branches?page=1&per_page=100 2024-06-13 23:58:22,679 [29409643] WARN - #com.dsoftware.ghmanager.data.WorkflowRunListLoader - Error loading workflow runs from https://api.github.com/repos/handwai-org/handwai-web/actions/runs?page=1&per_page=30 2024-06-13 23:58:22,682 [29409646] WARN - #com.dsoftware.ghmanager.ui.panels.wfruns.WorkflowRunsListPanel - Got error when getting workflow-runs: org.jetbrains.plugins.github.exceptions.GithubAuthenticationException: Request response: Access to this site has been restricted. If you believe this is an error, please contact https://support.github.com.

[varioustoxins]

Hi

My repo is open source

https://github.com/varioustoxins/NEF-Pipelines [NEF-Pipelines.png] varioustoxins/NEF-Pipelines: Nef toolshttps://github.com/varioustoxins/NEF-Pipelines github.comhttps://github.com/varioustoxins/NEF-Pipelines

regards Gary

Dr Gary S Thompson NMR Facility Manager CCPN CoI & Working Group Member Wellcome Trust Biomolecular NMR Facility School of Biosciences, Division of Natural Sciences University of Kent, Canterbury, Kent, England, CT2 7NZ

☎:01227 82 7117 ✉️: @.*** orchid: orcid.org/0000-0001-9399-7636

On 13 Jun 2024, at 19:23, Daniel M @.***> wrote:

CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

• If you checkout any open-source open repository, can you see its workflows?
• Can you provide the relevant logs of pycharm? (Help -> sHOW logs -> all lines with com.dsoftware...
• Can you access the other repositories you have defined? (I see in the snapshot you have 4 repositories)
• If you use github settings -> can you remove the account and re-login and check?

I suspect that the organization hosting these repositories is preventing using GitHub REST API and that's why you are getting this message, though I need further information to be 100% sure.

If that is the case, you need to approach your GitHub org admin to enable using REST API.

— Reply to this email directly, view it on GitHubhttps://github.com/dsoftwareinc/ghactions-manager/issues/164#issuecomment-2166503299, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA3UD6PCOLJVOAVCDZQQ6YDZHHPS7AVCNFSM6AAAAABJF2BWKKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRWGUYDGMRZHE. You are receiving this because you authored the thread.Message ID: @.***>

[cunla]

Hi,

There are 2 different issues at play.

@dmitri-danilov - As you can see on the logs, the issue is clearly the permissions of the token you are using. The requests to get branches/workflows/collaborators pass while the request to get runs gives an error. I recommend creating a new token manually (GitHub Account settings -> Developer settings -> Personal Access Tokens -> Classic -> Check repo permissions. See here

OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint with a private repository.

Alternatively, if you want to use fine-grained token:

Fine-grained access tokens for "List workflow runs for a workflow" This endpoint works with the following fine-grained token types: GitHub App user access tokens GitHub App installation access tokens Fine-grained personal access tokens

@varioustoxins -

• The repo in the snapshot is different than the repo you sent, but I assume the one in the snapshot is this one which is also open-source.
• For the repo you sent, one does not need any token to view the workflow-runs (just go to: https://api.github.com/repos/varioustoxins/NEF-Pipelines/actions/runs) - so I doubt there are issues with the plugin viewing runs for it. Assuming the other one is also opwn-source, then similarly, https://api.github.com/repos/varioustoxins/PyNMRSTAR/actions/runs shows the workflow-runs without a token (there are no workflow runs).
• I also cloned the repos and can see workflow runs on my pycharm. (see snapshot below)
• Therefore, the issue you are experiencing is different.
• Would you mind scheduling a quick debugging session with me to understand the issue better? my email daniel at moransoftware.ca

[dmitri-danilov]

@dmitri-danilov - As you can see on the logs, the issue is clearly the permissions of the token you are using. The requests to get branches/workflows/collaborators pass while the request to get runs gives an error. I recommend creating a new token manually (GitHub Account settings -> Developer settings -> Personal Access Tokens -> Classic -> Check repo permissions. See here

I have given the token all permission there were apart from deleting repos. This is Postman configured to use that same token in the 'Authorization' header and pulling workflow runs using the same URL as in the logs:

[cunla]

@dmitri-danilov Ok, this helps. I believe I figured out your issue. How come you have token ghp_... and not Bearer ghp_... in your Authorization header? Is this custom settings? If you change it to Bearer ghp_... does it work?

The plugin uses com.intellij.util.io.HttpSecurityUtil.createBearerAuthHeaderValue which creates Bearer ... header which is based on GitHub documentation

[dmitri-danilov]

@dmitri-danilov Ok, this helps. I believe I figured out your issue. How come you have token ghp_... and not Bearer ghp_... in your Authorization header? Is this custom settings? If you change it to Bearer ghp_... does it work?

The plugin uses com.intellij.util.io.HttpSecurityUtil.createBearerAuthHeaderValue which creates Bearer ... header which is based on GitHub documentation

Just tried with Bearer:

I think I googled a couple of examples where it was "token" yesterday which surprised me because documentation clearly said "Bearer". Then I was silly enough to ask ChatGPT and it also said "token". :)) As we can see, both appear to be supported and surprisingly, both are working. Wondering if they retained support for "token" for backward compatibility or something.

[dmitri-danilov]

Hey Dan,

I have found the root cause and you are not gonna believe this. I have set up a local HTTP proxy to trace and compare HTTP requests produced by your plugin and by Postman. Soon I discovered that the problem was caused by the value of the "User-Agent" header - "Intellij IDEA Github Plugin"! If I remove the header altogether or change even a single char in it - it works, if I restore it to the original value - 403 error is returned. So it really looks like "Intellij IDEA Github Plugin" User-Agent is blacklisted in GitHub API for whatever reason.

You are welcome :)

[cunla]

Unbelievable!!! What I don't get is how does it work for others? Are you using classic tokens or fine grained tokens? Do you mind trying the other option? I will update it to not use user agent but I will reach out to GitHub as well.

[cunla]

Also @dmitri-danilov , please write me an email so I can send you a discount code for the paid version. Daniel at moransoftware.ca

[cunla]

I pushed a fix and submitted a new version that allows changing the user-agent in the plugin settings. Thanks again for reporting this and helping to debug the root cause.

[cunla]

[vladimir-ilnytskyi]

Hey, in my org settings i have this only related to jetbrains products:

[varioustoxins]

Fixed for me now ;-)

regards Gary

Dr Gary S Thompson NMR Facility Manager CCPN CoI & Working Group Member Wellcome Trust Biomolecular NMR Facility School of Biosciences, Division of Natural Sciences University of Kent, Canterbury, Kent, England, CT2 7NZ

☎:01227 82 7117 ✉️: @.*** orchid: orcid.org/0000-0001-9399-7636

On 15 Jun 2024, at 20:57, vladimir-ilnytskyi @.***> wrote:

CAUTION: This email originated from outside of the organisation. Do not click links or open attachments unless you recognise the sender and know the content is safe.

Hey, in my org settings i have this only related to jetbrains products:

image.png (view on web)https://github.com/dsoftwareinc/ghactions-manager/assets/94364525/aec7abd7-9a12-4635-b8b1-753892323233

— Reply to this email directly, view it on GitHubhttps://github.com/dsoftwareinc/ghactions-manager/issues/164#issuecomment-2170614243, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AA3UD6ITZJSZDVB663ZDTFDZHSMENAVCNFSM6AAAAABJF2BWKKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNZQGYYTIMRUGM. You are receiving this because you were mentioned.Message ID: @.***>

[cunla]

Great! Thanks for reporting the bug!