search

microsoft / vscode-azurestaticwebapps

Azure Static Web Apps extension for VS Code
https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azurestaticwebapps
MIT License
86 stars 33 forks source link

An error "RepositoryToken is invalid..." occurs when creating a static web app #827

Closed v-xinda closed 1 year ago

v-xinda commented 1 year ago

OS: Remote Codespaces Build Version: 20230423.1 Regression: Previous release (0.11.4)

Repro Steps:

  1. Create a Codespaces environment using ReactSite.
  2. Install Static Web App extension.
  3. F1 -> Azure Static Web Apps: Create Static Web App... -> Enter a name -> Select a region -> Select "Custom" -> Type "app" -> "build".
  4. Check whether no error occurs.

Expect: No error occurs.

Actual: An error occurs. image

More Info:

  1. This issue does not reproduce on previous release 0.11.4.
  2. This issue does not reproduce on Local codespaces and non-codespaces environments.
  3. This issue also reproduces when creating an advanced static web app.
Kizito007 commented 1 year ago

I'm having the same issue. Any progress with this?

Kizito007 commented 1 year ago

I'm having the same issue. Any progress with this?

So apparently this error happened on my browser. So when I moved the codespace to Vs Code desktop it worked fine.

alexweininger commented 1 year ago

As stated in the issue description this only reproduces when connected to a GitHub CodeSpace in a browser. I'm able to consistently reproduce this error.

In my investigation, I found that the type of token returned to the extension by the built-in VS Code GitHub authentication provider is different on browser CodeSpaces than it is everywhere else.

In a browser connected to a CodeSpace we receive "GitHub App user-to-server tokens" (prefixed with ghu_). In all other places I tested, we receive "OAuth access tokens" (prefixed by gho_) [^1]. The user-to-server tokens are created by GitHub Apps, whereas OAuth tokens are created by OAuth apps [^2].

ghu tokens have their own set of scopes different from gho tokens. I discovered that ghu tokens require the actions scope for workflow related REST API endpoints ^3. Adding the actions scope to our requested scopes does fix the issue, but what happens is this makes the GitHub authentication provider return a gho token. So an easy fix is to just request an additional scope outside of the default ghu token so that we get a gho token.

[^1]: GitHub authentication token formats: https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/ [^2]: Differences between GitHub Apps and OAuth apps https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/differences-between-github-apps-and-oauth-apps

alexweininger commented 1 year ago

Upstream issue: https://github.com/microsoft/vscode/issues/185915