Authenticate with Github #49
Comments
This is not possible as of now. Labelling it as an enhancement request.
One alternative would be to allow users to enter OAuth tokens directly in CCMenu. This page describes how you'd get the token: https://github.com/blog/1509-personal-api-tokens. This is less convenient for the user but a lot easier to implement in CCMenu. Would it be a reasonable workaround?
My team's workaround has been to create a read-only 'ccmenu' user on our CI server that every developer can use to connect to CCMenu.
@erikdoe That would definitely be reasonable to me. I actually tried it and it kept failing, and I discovered this issue afterwards.
Okay, is there an easy and free way to get a test setup somewhere? I can't write this without being able to test.
The easiest way would probably be to just spin up a DigitalOcean box and install Jenkins via https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+Ubuntu
Since you are only doing this for testing, only the apt commands really need to be followed, I think.
Getting a plain Jenkins instance to run on a server on the internet is only part of it. I still have to make it work with GitHub OAuth. As far as I can tell I'd have to follow the setup described here: https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin
To be honest, this looks like a fair bit of work, especially because I haven't done it before and will inevitably not get it right the first time round. With the amount of time I can spend on CCMenu at the moment, this can take a while. Is there really no Cloud / SaaS solution where I can sign up for a test account?
There isn't one that I am aware of. There's CloudBees, but I don't see much info on it. If you'd like, I would be happy to test it for you. This change wouldn't really require GitHub at all, since all it is is changing from username + password to API key login, isn't it?
Ah, Jenkins supports simply using the API key as the password. According to the GitHub plugin, this should still be supported. Curious why it wasn't working for me then. Maybe something changed in Jenkins 2.0? Edit: Looked into it a bit further. It seems like it's a bit more complicated due to my permissions being granted through a group and we are also using the permission matrix rather than the other strategies. So it definitely logs in, but is getting permission denied. In this case, I honestly don't think anything needs to be done to CCMenu; it's just the Jenkins setups that need to be corrected in my case, and people need to use the API Token as their password.
Thanks for looking into this. I'll add the information that you can use the API token in the password field to the CCMenu website, but probably also directly into the app. Will still leave this issue open because proper OAuth support would be nice.
Any update on this?
Assuming you're interested in an update on proper OAuth support, then, no, there isn't any news. I still don't even have access to a test instance. If someone would provide me with one I could at least have a look to see how hard it would be to add this to CCMenu.
Finally some movement on this. I now have access to an instance of GoCD that is protected with GitHub. However, looking into the workflow it's not clear what CCMenu would do with the OAuth token it can get from GitHub. For those of you interested in this feature, could you check how the authentication actually works? When you go to your CI server, I assume it bounces you to a page on github.com. That then redirects to your CI server. How are the following requests authenticated? Do they simply return a cookie provided by the CI server? Edit: I'm curious to see details about an authenticated request against the cctray feed resource, e.g.
In GoCD, the GitHub OAuth flow returns a token (and a refresh token, I believe) to the GoCD server via the "Authorization callback URL" mentioned here. Notice that it's not a browser callback, but directly to the server. This allows GoCD to connect the session ID to the GitHub auth token. When the session is considered stale, the auth token / refresh token is used to re-authenticate with GitHub, behind the scenes and to get a new token if necessary. If the user has been disabled or their permissions revoked, it is at this point that the user's session will be invalidated and they'll be logged out. This is correct as far as I know. Happy to go and confirm, if necessary.
Thanks for confirming. Unfortunately, that means that there really isn't a way in which CCMenu can get access to a token to authenticate itself against GoCD, right?
Yes, there are now access tokens and an API to create them as well. But, it's not going to be easy for CCMenu to get it without a lot of work. I know @ketan had an idea which could help with this. It would still be a change on the GoCD side.
We are currently authenticating to GoCD via GitHub. Could you please help with what creds to use in CCMenu?
@saffyA Unfortunately, we still haven't found a way to make this work. It's not even that it's just not implemented in CCMenu, it seems like there's no way to do it. If you have some control over your GoCD installation, you could make the "cctray.xml" feed available via basic auth. That's what works so far.
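The two workarounds discussed in this thread (an API token entered in the password field, and a "cctray.xml" feed exposed via basic auth) both reduce to an HTTP Basic request against the feed. The sketch below is an added example, not part of the thread or of CCMenu's code; the host `ci.example.invalid`, the user name, the token and the sample feed are constructed, and how a particular CI server maps failures to status codes is an assumption.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample of a cctray feed (not taken from a real server).
SAMPLE_FEED = """<Projects>
  <Project name="app :: build" activity="Sleeping" lastBuildStatus="Success"
           lastBuildLabel="41" lastBuildTime="2020-01-01T10:00:00Z"
           webUrl="https://ci.example.invalid/app/build"/>
  <Project name="app :: deploy" activity="Building" lastBuildStatus="Failure"
           lastBuildLabel="12" lastBuildTime="2020-01-01T09:00:00Z"
           webUrl="https://ci.example.invalid/app/deploy"/>
</Projects>"""


def build_feed_request(url, username, api_token):
    """Build a feed request that sends the API token in the password slot."""
    if not url.lower().startswith("https://"):
        # Basic auth is only base64-encoded, so refuse cleartext transport.
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    raw = f"{username}:{api_token}".encode("utf-8")
    request = urllib.request.Request(url)
    request.add_header("Authorization",
                       "Basic " + base64.b64encode(raw).decode("ascii"))
    return request


def explain_status(status):
    """Map the HTTP status of the feed request to a likely cause."""
    if status == 200:
        return "ok"
    if status == 401:
        return "credentials rejected: check user name and token"
    if status == 403:
        # The "logs in, but permission denied" case: fix it on the server.
        return "authenticated but not authorized: check server permissions"
    if status in (301, 302, 303, 307):
        return "redirected, probably to an interactive login page"
    return f"unexpected status {status}"


def parse_cctray(xml_text):
    """Return (name, lastBuildStatus, activity) for each project."""
    root = ET.fromstring(xml_text)
    return [(p.get("name"), p.get("lastBuildStatus"), p.get("activity"))
            for p in root.iter("Project")]
```

A 403 with valid credentials points at the server's authorization setup rather than at the client, which is why a dedicated read-only account with explicit read permission on the feed is the simpler configuration to reason about.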
Hey there,
Is there any way we can connect to a Jenkins box that requires authenticating into Github first? That would be great for those of us who use the Github Authentication Plugin + Github OAuth.