Project tokens fail with 401 "You must log in first"

[mkly]

Orb version

1.1.4

What happened

verify_api_key

jira-connect-orb/src/commands/notify.yml

Line 60 in b20a84f

verify_api_key

This causes project tokens to fail with a 401 "You must log in first"

Expected behavior

Either verify the token in a way that is compatible with project tokens or remove the check

[mauriciojovel]

You need use a personal api token

https://circleci.com/account/api

Change it and let me know if work for you.

Best.

[KyleTryon]

@mkly Could you please update to 1.1.6 and ensure the personal token is set? We have just pushed a patch that should ensure that you are signed in.

[cskinfill]

With the update referenced in this ticket, is it a project token or personnel token needed to use the jira orb? I'd prefer to use a project token, so it's not associated when my account, in case I'm no longer associated with the org in GitHub.

[KyleTryon]

Hello all,

I suspect actually the last patch 1.1.6 may not in fact work, I realize now we are doubling up on the token now, it was already included via a special "fetch" function. So I suspect it might have actually been working previously.

Could anyone confirm they can curl the https://circleci.com/api/v2/me endpoint manually with their token successfully and then still saw the issue (prior to the new patch)?

@cskinfill this is the same token as required previously, actually to my mistake it was already being attached to that endpoint and I had missed that, we will remove this in the next patch as we figure this out.

The API key used is used to authenticate with an endpoint that speaks with Atlassian. Project level tokens are for Read-Access only and can not be used for this task. It is suggested for some to setup a "machine" user for write-level tokens that arent tied to a specific user.

If anyone else can confirm they are unable to connect to the endpoint via curl, then it may be the wrong token was used or has expired. If that is the case we may just undo the change.

[mkly]

@KyleTryon My apologies, the issue was that apparently this was working with a project token before, but now it requires a personal token.

[KyleTryon]

@mkly No apologies necessary! There may have been a change to the endpoint the orb uses, I will investigate that.

We will undo the change from #42 in the next patch which is currently duplicating the key.

[cskinfill]

@KyleTryon @mkly circling back on this ... so where does this stand? Do we need a personal token now? Or going back to using a project token (per #39 (comment)) ?

[devintjones]

Hi there, I'm still seeing this issue with a personal token:
https://circleci.com/api/v2/me?circle-token=<personal token>
responds with:
{ "message" : "You must log in first." }

However I am able to get a successful response from the v1 endpoint

Also, would like to note that the v2 docs don't seem to mention a v2/me resource.

I'm downgrading to @1.1.3 in the meantime

[nicowenterodt]

Any news on that? We also have problems using personal token leading to 401 "You must log in first" errors.