Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error creating pull request: Unauthorized (HTTP 401) #491

Closed
pwaller opened this issue Feb 20, 2014 · 11 comments
Closed

Error creating pull request: Unauthorized (HTTP 401) #491

pwaller opened this issue Feb 20, 2014 · 11 comments

Comments

@pwaller
Copy link

pwaller commented Feb 20, 2014

With apologies to @mislav, I'm reviving #83, #413, #412, #435.

I'm reviving it because this has broken my (and others in my org) ability to use hub at all for months and I wasn't aware of the workarounds available in the above linked issues. I had assumed something had broken in my environment.

It broke for me because as a security precaution I clobbered all of my existing OAUTH tokens, which were originally generated by signing in at the command line. I expected the previous process (enter credentials at the command line) to work, but it doesn't any more, with no explanation as to why.

I did try to generate a "personal access token" and enter it when hub prompted me for a password but of course that didn't work. I expected it to work because of the description "They can be used instead of a password for Git over HTTPS, or can be used to authenticate to the API over Basic Authentication". But it doesn't.

The current experience is: hub pull-request, enter credentials, enter message, wait a few seconds, etc.

Error creating pull request: Unauthorized (HTTP 401)

Please close this issue once it is fully resolved such that the user experience at the command line is not broken, otherwise it's hard to teach newbies to use hub. One has to know that having 2FA enabled means you have to generate a token and edit a config file which is not at all apparent from the UI.
@pwaller
Copy link
Author

pwaller commented Feb 20, 2014

I'm running the latest tagged version 1.11.2. I also can't find a ~/.config/hub file, curiously. So I don't understand how it is even trying to authenticate.

@mislav
Copy link
Owner

mislav commented Feb 20, 2014
edited
Loading

@pwaller I'm sorry you had troubles authenticating. Let's start from the beginning: what is the outcome that you get when hub asks you for your GH credentials? It should ask you for username, password (your actual GH password; never stored), and 2FA code if you have that enabled. Does it ask you for all three, and fails after that? Is the error message that you pasted the full error output?

After you entered your actual GH credentials + 2FA code, even if the pull-request operation ultimately failed, can you check did hub manage to create a token for itself? It should be visible under Personal access tokens, and its name should simply be "hub" with "repo" scope.

Ultimately, if you're still blocked on this, here is how you can provide auth info to hub manually:

  1. Create a Personal Access Token (like you did already). This acts as an OAuth token

  2. Save the following information in ~/.config/hub:

    github.com:
- user: pwaller
  oauth_token: ACCESS_TOKEN

@pwaller
Copy link
Author

pwaller commented Feb 20, 2014

Hi @mislav,

When I wrote this post I got it working by making .config/hub as you've described.

I've just realised that I have GITHUB_PASSWORD set to an access token, and that's why it was failing without prompting me to login. I recall that I tried unsetting $GITHUB_PASSWORD and supplying a token at the commandline when prompted for a password but that didn't work. It would be great if either of these things worked.

@mislav
Copy link
Owner

mislav commented Feb 20, 2014

Right now, hub is designed in a way that it doesn't want you to manually create an access token and pass it to it. It wants to exchange your real credentials for an OAuth token so you don't have to go through manual steps. In the future, we might add extra authentication features for pasting a Personal access token.

@mislav mislav closed this as completed Feb 20, 2014
@pwaller
Copy link
Author

pwaller commented Feb 20, 2014

The problem is that from the command line it isn't obvious what hub needs you to do if you have 2FA enabled, if I'm understanding correctly. That lead to a broken experience, and caused me to not use hub for several months after using it for years.

@mislav
Copy link
Owner

mislav commented Feb 20, 2014

From what I understood, the problem was that when hub asked you for your actual GitHub password, you provided the Personal access token (which is not a stand-in for a password always), either by pasting it or via $GITHUB_PASSWORD. Is that correct?

if so, it doesn't sound like hub was broken. It just sounds you were doing auth the wrong way.

How would you like me to solve this issue? Detect whether you tried to use a Personal access token in the wrong place, and warn you about it?

@pwaller
Copy link
Author

pwaller commented Feb 20, 2014

Hm. I guess the actual problem in my case is that other utilities work with GITHUB_PASSWORD being an oauth token, and that was what confused me. Maybe it would have helped if upon seeing "Unauthorized" it could have told me it got the credentials from the environment. I was quite mystified as to why it wasn't working at all.

I think at some point I figured out to unset GITHUB_PASSWORD, and tried passing my password on the CLI (which didn't work because 2FA), and when that didn't work I tried an oauth token on the CLI and that didn't work either. Then I concluded that it was a bug with hub and it would get fixed eventually, which it didn't, which was why I posted here. Maybe this is just my problem but not working with 2FA in an obvious manner from the command line is an issue.

@mislav
Copy link
Owner

mislav commented Feb 20, 2014

OK, so the actual problem of hub is that it's not user-friendly enough when it comes to auth issues.

Yeah, other utilities can work with a password being an OAuth token if they use Basic Authentication for the API. We don't, however. I just realized we had this discussion in #463. We should improve the situation around this. Follow that ticket for updates.

@pwaller
Copy link
Author

pwaller commented Feb 20, 2014

👍

greg-1-anderson added a commit to greg-1-anderson/hub that referenced this issue Nov 3, 2016
@greg-1-anderson
Add authentication instructions to README
ea6a0d5 
Authentication options are discussed in mislav#491 and mislav#463; it would be good to have some of this information in the README as well.
@greg-1-anderson greg-1-anderson mentioned this issue Nov 3, 2016
Closed
@viktornordling
Copy link 

github.com:
- user: pwaller
- oauth_token: ACCESS_TOKEN

This led me astray. Should be:

 github.com:
 - user: pwaller
   oauth_token: ACCESS_TOKEN

Hopefully this helps someone, five years later! 😂

@hackaprende
Copy link

@pwaller I'm sorry you had troubles authenticating. Let's start from the beginning: what is the outcome that you get when hub asks you for your GH credentials? It should ask you for username, password (your actual GH password; never stored), and 2FA code if you have that enabled. Does it ask you for all three, and fails after that? Is the error message that you pasted the full error output?

After you entered your actual GH credentials + 2FA code, even if the pull-request operation ultimately failed, can you check did hub manage to create a token for itself? It should be visible under Personal access tokens, and its name should simply be "hub" with "repo" scope.

Ultimately, if you're still blocked on this, here is how you can provide auth info to hub manually:

  1. Create a Personal Access Token (like you did already). This acts as an OAuth token
  2. Save the following information in ~/.config/hub: 
    github.com:
- user: pwaller
  oauth_token: ACCESS_TOKEN

How do I create the Personal Access Token?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mislav @viktornordling @pwaller @hackaprende