"Connect your Github Account" fails to load Github repos, 403 Error in console, AFTER credentials are saved. #17932
Comments
Mbd06b
added
the
kind/bug
che-bot
added
the
status/need-triage
l0rd
added
status/analyzing
|
I am wondering if that is supposed to work as you are expecting @Mbd06b. One thing is an admin configuring github as an identity provider (let keycloak delegate users authentication to GitHub) and another thing is a user connecting to his GitHub account (authorizing Che to retrieve the GitHub repositories of a given user). What I mean is that you should be able to connect your GitHub account even without configuring GitHub as an identity provider. Not sure who can help here: @akurinnoy @olexii4 do you know if "connect to GitHub account" in the dashboard is supposed to work. |
I believe it's required to configure GitHub identity provider in any case. @davidfestal Maybe you know about the configuration property that may lead to
? |
|
I confirm that the GitHub authentication works fine except the loading time: #15718 |
|
Nevermind... I got prompt itself to appear on Firefox, and in an Incognito browser in Chrome after clearing cookies. I got too excited, closed, and now reopened the ticket. The issue is definitely after the credentials have been saved in the browser. Clicking the button and the error are triggered, I expect when the client tries to query the repositories. |
Mbd06b
changed the title
Mbd06b
changed the title
|
Could this be related ? #7899 (comment)
My console error is showing /api/oauth/: Is there a "Mappers" config missing in the docs? I'm not seeing any documentation or much discussion on Mappers. https://www.eclipse.org/che/docs/che-7/end-user-guide/configuring-github-oauth/
|
I don't think so. The issue is related to Che 6.x
The url in the error message points to the
It works for me without any mappers. |
|
Issues go stale after Mark the issue as fresh with If this issue is safe to close now please do so. Moderators: Add |
che-bot
added
the
lifecycle/stale
|
Closing as this functionalitly should be replaced by #17954 with the new dashboard |
Describe the bug
[UPDATE] ( After successfully saving Github OAuth Credentials in the Github prompt)
When clicking "Connect your Github account" in Add Projects to browse projects in Github. the pop-up flashes, the repositories fail to load, and che throws a 403 error in the console.
""Client [che-public] not authorized to retrieve tokens from identity provider [github]."},"status":403,"
Keycloak log: (kubectl logs pod/keycloak-c5b98d95f-lk2bt -n che)
(Same as Keycloak.log output below)
Keycloak Settings for Github Identity Provider
Some of the configurations look a little different from the documentation because I've been looking at some old closed issues trying to fix this one. See: #9399
Documentation on Github OAuth here... https://www.eclipse.org/che/docs/che-7/end-user-guide/configuring-github-oauth/
doesn't match what my keycloak instance looks like as seen above.
There is a "Mappers" tab. Is there missing configuration? I've tried some role mapping without success.
Che version
Steps to reproduce
Expected behavior
Runtime
kubectl version)Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-26T20:32:49Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.15", GitCommit:"2adc8d7091e89b6e3ca8d048140618ec89b39369", GitTreeState:"clean", BuildDate:"2020-09-02T11:31:21Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Screenshots
Installation method
(I don't know exactly, but I did use microk8s context, multiuser, tls, and helm)
chectl versioncommandchectl/7.17.0 linux-x64 node-v10.22.0
Environment
Eclipse Che Logs
logs from keycloak.log
^[[0m^[[33m03:47:19,928 WARN [org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default task-2) Truststore is disabled ^[[0m^[[33m03:47:21,638 WARN [org.keycloak.events] (default task-2) type=IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR, realmId=che, clientId=null, userId=null, ipAddress=127.0.0.1, error=Client [che-public] not authorized to retrieve tokens from identity provider [github]. ^[[0m^[[31m03:47:21,638 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-2) Client [che-public] not authorized to retrieve tokens from identity provider [github]. ^[[0m^[[33m04:05:41,455 WARN [org.keycloak.events] (default task-2) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secretAdditional context
This is a multi-user installation.
I also added my Github OAuth client id, and secret to the configmap (as described for a single-user install) in an unsuccessful attempt to get things working.
The "Authorization Callback URL" in Github, is a copy/paste of the, Redirect URI in Keycloak as shown above..
The text was updated successfully, but these errors were encountered: