This repository has been archived by the owner on Sep 20, 2023. It is now read-only.

Credentials Issue #2165

Closed
Huddie opened this issue Sep 14, 2018 · 40 comments
Labels
🐞 github bug A bug caused by GitHub's API ❔ question Question pending discussion or card yet to be correctly triaged

Comments

@Huddie
Collaborator

Huddie commented Sep 14, 2018

Describe the bug
I'm trying to fix my PR #2157.

My example gif shows a "something went wrong" error. At first, I assumed it was maybe some network issue or something, since the error is the generic one (so who really knows). I just assumed it wasn't code I changed, since I didn't really change anything that I can see would ever affect it.

I printed the result in addCommentClient.swift under the case .failure

the result is:

failure(Optional(Although you appear to have the correct authorization credentials,
the GitHawkApp organization has enabled OAuth App access restrictions, meaning that data
access to third-parties is limited. For more information on these restrictions, including
how to whitelist this app, visit
https://help.github.com/articles/restricting-access-to-your-organization-s-data/
))

I guessed it may have been my Github Client ID or Secret but

  1. The app shouldn't sign me in if those aren't valid (pretty sure)
  2. I added them again to make sure it was right and I'm pretty sure they are fine.

Note: Using the Testflight version of githawk works fine.

To Reproduce
Umm.. unsure.

Expected behavior
For the comment to post successfully

Screenshots
See PR with gif

Anyone have an idea of stuff I can try? Did I just forget to do something obvious? Does my code in the PR seem to mess something up in this regard? (I really don't think it's the code, because it works for my other repos.)

Any help is appreciated

@rnystrom
Member

So is this a bug with the latest App Store version? Do we need to disable OAuth restrictions?

Sent with GitHawk

@rnystrom rnystrom added the ❔ question Question pending discussion or card yet to be correctly triaged label Sep 14, 2018
@Huddie
Collaborator Author

Huddie commented Sep 14, 2018

@rnystrom no this post is from the App Store version.
Not sure what is causing the error on my specific branch

Sent with GitHawk

@jsg2021

jsg2021 commented Sep 18, 2018

I’m also getting “something went wrong” on various projects.

though, this post was made in the app... so, not sure what’s up. (trying to comment on an issue in babel’s repo fails)

@Huddie
Collaborator Author

Huddie commented Sep 20, 2018

Mine also works with certain ones and not others. @jsg2021 What’s your access level on Babel?

Sent with GitHawk

@jsg2021

jsg2021 commented Sep 20, 2018

I don’t have any. Just what the public has.

@Huddie
Collaborator Author

Huddie commented Sep 20, 2018

Ya idk it’s weird that we’d be getting that error for posting a comment. @BasThomas @rnystrom any ideas?

Sent with GitHawk

@rnystrom
Member

I thought I saw some weird inconsistencies w/ auth between PAT and normal login b/c of third-party scopes. Is that what this is from?

@Huddie
Collaborator Author

Huddie commented Sep 22, 2018

I logged in normally.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 17, 2018

@rnystrom since we closed my issue ticket today, do you have any idea what may cause it?

Also, expanding on the OP, I’ve received this error when:

  • Posting comments
  • Opening/closing tickets

@rnystrom
Member

I don’t and haven’t had time to investigate. Would love someone’s help here.

Sent with GitHawk

@Huddie
Collaborator Author

Huddie commented Oct 17, 2018

@ijm8710 What version does this occur on for you? App Store/ TestFlight/ forked build?

For me, I haven’t experienced this error in App Store or TestFlight but from my personal fork I have.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 17, 2018

@Huddie testflight

The failure to post a comment is this newest one “...7256” and was produced on this repository

And the close reopen auth error was the testflight build right before it “...0019” and was produced in the cr-api-ux repository

Both issues have worked at other times in the same exact repository so it’s not restricted permissions

@ijm8710

ijm8710 commented Oct 27, 2018

@Huddie is there any other info I could give to help. I’m seeing this almost daily, but only in this app, works fine in codehub and native GitHub

@ijm8710

ijm8710 commented Oct 28, 2018

@rnystrom I’m seeing this super super often, essentially several times daily. I know you said a week and a half ago, you didn’t have a ton of time to investigate yourself. Is there anything that would be helpful to provide for perhaps someone to take over with more detail. Among the people most involved like bas and others, any idea who’s subject matter this best fits with?

Not to overreact, but, imo, this is a pretty significant bug; it essentially makes me resort to going to GitHub or another third-party app every time just to post a comment, which could def drive users away.

Keep in mind, it seems repo dependent. I don’t see it often, if ever, here, but I see it a ton in other specific repos.

@rnystrom
Member

rnystrom commented Oct 28, 2018

@ijm8710 you seem to be the one hitting this the most, so you’d be a great champion for fixing it. Some ways you can contribute:

  • Use Flex network debugging to inspect error messages and codes
  • Read the GitHub API docs and suggest what needs to change
  • GraphiQL or another REST API tool might help
  • Try with a test account and see if it consistently happens

I appreciate that you’re reporting issues, but I prioritize my time based off the biggest issues, and when it’s one person hitting something I’d rather fix a bug or add a feature that everyone else is able to benefit from.

I made this project free and open source so it can be a community effort. It’s not mine or anyone else’s job to fix someone’s bug.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 28, 2018

Totally fair. I’ll try to do some of those things.

For what it’s worth @jukben @Huddie @jsg2021 and myself have all reported it. When there’s prob 20-25 people that are consistently active here and 25% of the users are reporting the issue, I do think it’s slightly more than an isolated issue for one user. But what you said is totally reasonable so I will try to contribute to some of the items you referenced.

@ijm8710

ijm8710 commented Oct 29, 2018

@Huddie @rnystrom hey, so I ended up adding another test account to githawk using the personal access tokens. I could be wrong, but from my memory, my initial account was not set up with a personal access token, but rather a normal login plus grant access portal. With the personal access token for account two, I granted full access. With the second account, I am able to fully action items without restriction that were failing every time with the primary account.

  1. am I incorrectly recalling how primary accounts were granted access?
  2. is there a way to adjust primary account access or must I revoke and re-add (would doing so incur any loss of data anywhere, especially githawk bookmarks? —speaking of which, I wish there was a way to back those up somewhere)
  3. do my findings thus far change anything for this issue for either of you?

These findings were confirmed on the Babel repo mentioned above as well

@Huddie
Collaborator Author

Huddie commented Oct 29, 2018

You should be able to check your access level. Pretty sure we have a link to your access in settings. Is it different from the personal token?

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 29, 2018

Yeah @Huddie this was different. The access you refer to highlights 3 items. I enabled like 15 for the option under developer settings, as I had to set it up to generate the token.

Was I accurate that the first account doesn’t need a token and was a portal signup?

@Huddie
Collaborator Author

Huddie commented Oct 29, 2018

Ya regular sign in I believe only has 3 access items. Private repos, access notifications, update user info.

I’d suggest:
A) Try to figure out which repos/actions were having issues and see why it wouldn’t be covered in the 3 access. This can be confirmed with option B below.
B) You could create a bunch of personal tokens, reducing what you allow, to see where the issue lies... tedious

Maybe @rnystrom has a better sense of where the issue is coming from but I’d suggest keeping up the diagnostic work and pinpoint the problem.
Sorry I can’t be more helpful; I’m swamped with midterms atm.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 29, 2018

I’ve started doing this. I removed accesses and created a new set of permissions for a token. But where would I insert this new token code in githawk? As far as I see there is no way to remove an account or add new token info for an account (issue 1)

And I do not want to sign out of test account because that says it will sign me out of all accounts and lose my bookmarks (issue 2)

I do agree with this methodology otherwise to solve the overarching item (issue 3)

@ijm8710

ijm8710 commented Oct 30, 2018

Looks like it’s the public_repo permissions

Feel free to test that in the Babel repo referenced earlier

@rnystrom
Member

@ijm8710 thanks for this! Is there a scope we’re missing from the login flow? I feel like there’s something missing there, but I thought we are requesting the broadest scopes possible...

https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/

Atm we request user, repo, and notification

https://github.com/GitHawkApp/GitHawk/blob/master/Classes/Login/LoginSplashViewController.swift

Sent with GitHawk

@Huddie
Collaborator Author

Huddie commented Oct 30, 2018

public_repo is under repo. @ijm8710 what makes it seem like public_repo is the issue? Removing public_repo would def. result in an issue in-app but doesn’t mean it’s what’s causing the problem.
Maybe try removing only the scopes we don’t request and see from those.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 30, 2018

@Huddie @rnystrom completely see where you guys are coming from and how the code lists user, repo and notification. And how public_repo is a sub-asset of public. But in doing my diagnosis myself, that is exactly what I did. I created 10-15 different tokens adding and removing different permissions and confidently diagnosed that public_repo is the issue and that just having that permission solves the issue I see and removing it repro’s the issue identically.

I’m guessing perhaps maybe the line item code that includes the general permissions granted might need to be slightly tweaked. Perhaps the fact that it references private affects it? I’m not sure but what I am 99% sure about is public_repo permissions are currently not being granted.

Again, try it out. Try creating a test account and using it with the Babel repo with and without this permission and you should be able to replicate my findings!

Let me know if there’s anything else you need me to do on this ticket. I did mention a few items here. Basically a couple things that bug-testing this causes me to notice about the app that could be optimized. Please let me know if you feel either of them are relevant, I can individually ticket either or both of them and hopefully my diagnosis here helps spur solving the main ticket on this. Thanks.

@rnystrom
Member

rnystrom commented Oct 31, 2018

I’m going to try to set up a script to repro this and plug in different scopes.

The big bummer is that even if we solve this, people will have to logout/login to get the new permissions...

Maybe we should prioritize selective logout next.

Sent with GitHawk

@ijm8710

ijm8710 commented Oct 31, 2018

Are you saying that if you repro this, only existing users will be affected by having to re-login..and new users should be good going forward assuming the permissions can be tweaked?

This brings up one of the things I referenced in my last reply. I know you try to have as little server side items as possible for user safety, but is there any workaround to retain bookmarks with a log out?

I also asked if there was a way to remove an account without fully logging out and/or adjust permissions on a logged in account. Just things I came across when testing this. (This might perhaps relate to your last line)

@rnystrom
Member

rnystrom commented Nov 1, 2018

Ya exactly. New users would be fine.

Let’s keep the bookmarks discussion in another issue.

Sent with GitHawk

@rnystrom
Member

rnystrom commented Nov 5, 2018

Gonna do some live debugging here...


Trying to send a HEART to this comment on babel/babel. I'm using this GraphQL:

mutation {
  addReaction(input: {subjectId: "MDU6SXNzdWUzNzcxODQ3NTg=", content: HEART}) {
    subject {
      viewerCanReact
      id
    }
  }
}

Using a token intercepted from the basic auth route ("Sign in with GitHub" button) yields this result:

{
  "data": {
    "addReaction": null
  },
  "errors": [
    {
      "message": "Although you appear to have the correct authorization credentials,\nthe `babel` organization has enabled OAuth App access restrictions, meaning that data\naccess to third-parties is limited. For more information on these restrictions, including\nhow to whitelist this app, visit\nhttps://help.github.com/articles/restricting-access-to-your-organization-s-data/\n",
      "type": "FORBIDDEN",
      "path": [
        "addReaction"
      ],
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ]
    }
  ]
}

Using a Personal Access Token with repo, user, and notification scopes gives this:

{
  "data": {
    "addReaction": {
      "subject": {
        "viewerCanReact": true,
        "id": "MDU6SXNzdWUzNzcxODQ3NTg="
      }
    }
  }
}

Here's the setup in PAT config

[screenshot: 2018-11-04, 7:09:14 PM]

And confirmed in the .com UI:

[screenshot: 2018-11-04, 7:11:31 PM]

Now this section in the "Understanding Scopes" docs has this:

[screenshot: 2018-11-04, 7:12:33 PM]

So when I send a curl to https://api.github.com/users/rnystromtest to get scopes, using the PAT I get:

X-OAuth-Scopes for PAT:

notifications, repo, user

Then w/ the intercepted token:

X-OAuth-Scopes for intercepted:

notifications, repo, user

So scopes look exactly the same.

@rnystrom
Member

rnystrom commented Nov 5, 2018

Now let's try using the V3 API for Reactions...

We can use the create Reaction for an Issue API.

URL

POST: https://api.github.com/repos/babel/babel/issues/8971/reactions

JSON Body

{
  "content": "heart"
}

Header

Accept: application/vnd.github.squirrel-girl-preview+json

Using the PAT:

{
	"id": 31889413,
	"node_id": "MDg6UmVhY3Rpb24zMTg4OTQxMw==",
	"user": {
		"login": "rnystromtest",
		"id": 28745486,
		"node_id": "MDQ6VXNlcjI4NzQ1NDg2",
		"avatar_url": "https://avatars1.githubusercontent.com/u/28745486?v=4",
		"gravatar_id": "",
		"url": "https://api.github.com/users/rnystromtest",
		"html_url": "https://github.com/rnystromtest",
		"followers_url": "https://api.github.com/users/rnystromtest/followers",
		"following_url": "https://api.github.com/users/rnystromtest/following{/other_user}",
		"gists_url": "https://api.github.com/users/rnystromtest/gists{/gist_id}",
		"starred_url": "https://api.github.com/users/rnystromtest/starred{/owner}{/repo}",
		"subscriptions_url": "https://api.github.com/users/rnystromtest/subscriptions",
		"organizations_url": "https://api.github.com/users/rnystromtest/orgs",
		"repos_url": "https://api.github.com/users/rnystromtest/repos",
		"events_url": "https://api.github.com/users/rnystromtest/events{/privacy}",
		"received_events_url": "https://api.github.com/users/rnystromtest/received_events",
		"type": "User",
		"site_admin": false
	},
	"content": "heart",
	"created_at": "2018-11-05T00:26:15Z"
}

Whoa, just noticed the node_id!! Need to follow up if that's available in notifications.

And we got the reaction 👌

[screenshot: 2018-11-04, 7:26:42 PM]

Now what about the normal token?

{
	"id": 31889458,
	"node_id": "MDg6UmVhY3Rpb24zMTg4OTQ1OA==",
	"user": {
		"login": "rnystrom",
		"id": 739696,
		"node_id": "MDQ6VXNlcjczOTY5Ng==",
		"avatar_url": "https://avatars2.githubusercontent.com/u/739696?v=4",
		"gravatar_id": "",
		"url": "https://api.github.com/users/rnystrom",
		"html_url": "https://github.com/rnystrom",
		"followers_url": "https://api.github.com/users/rnystrom/followers",
		"following_url": "https://api.github.com/users/rnystrom/following{/other_user}",
		"gists_url": "https://api.github.com/users/rnystrom/gists{/gist_id}",
		"starred_url": "https://api.github.com/users/rnystrom/starred{/owner}{/repo}",
		"subscriptions_url": "https://api.github.com/users/rnystrom/subscriptions",
		"organizations_url": "https://api.github.com/users/rnystrom/orgs",
		"repos_url": "https://api.github.com/users/rnystrom/repos",
		"events_url": "https://api.github.com/users/rnystrom/events{/privacy}",
		"received_events_url": "https://api.github.com/users/rnystrom/received_events",
		"type": "User",
		"site_admin": false
	},
	"content": "heart",
	"created_at": "2018-11-05T00:28:21Z"
}

Success 😕

[screenshot: 2018-11-04, 7:28:36 PM]


Why do both tokens work on the V3 API but not the GraphQL mutation?

@ijm8710

ijm8710 commented Nov 5, 2018

I feel it’s because graphql does not grant public_repo access

@rnystrom
Member

rnystrom commented Nov 5, 2018

@ijm8710 is there something I'm missing? public_repo is a subset of repo access, so its all included.

[screenshot: 2018-11-04, 7:35:38 PM]

Also see above that the scopes returned in the X-OAuth-Scopes header are exactly the same for both a PAT and normal token, but GraphQL only works for the PAT.
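As an added example (not GitHawk code, and not from anyone in this thread), the two checks rnystrom ran by hand above can be combined into one offline diagnosis: parse the X-OAuth-Scopes header with the repo ⊃ public_repo hierarchy applied, then look at the GraphQL error body to tell a scope shortfall apart from the organisation's OAuth App access restriction. The SCOPE_IMPLIES table lists only the scopes discussed here, and the sample error body is constructed from the one quoted above.

```python
import json
from typing import List, Set

# Parent scopes imply their children, per the "Understanding Scopes" doc the
# thread links to. Assumption: only the scopes GitHawk requests are modelled.
SCOPE_IMPLIES = {
    "repo": {"public_repo", "repo:status", "repo_deployment", "repo:invite"},
    "user": {"read:user", "user:email", "user:follow"},
    "notifications": set(),
}
# Marker text from the GraphQL error body quoted in this thread.
ORG_RESTRICTION_MARKER = "has enabled OAuth App access restrictions"

def parse_oauth_scopes(header_value: str) -> Set[str]:
    """Split the comma-separated X-OAuth-Scopes header into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}

def effective_scopes(granted: Set[str]) -> Set[str]:
    """Expand granted scopes with every child scope they imply."""
    expanded = set(granted)
    for scope in granted:
        expanded |= SCOPE_IMPLIES.get(scope, set())
    return expanded

def missing_scopes(header_value: str, required: Set[str]) -> Set[str]:
    """Required scopes that are neither granted directly nor implied."""
    return required - effective_scopes(parse_oauth_scopes(header_value))

def classify_graphql_errors(body: str) -> List[str]:
    """Label each GraphQL error: org restriction, plain FORBIDDEN, or other."""
    labels = []
    for err in json.loads(body).get("errors", []):
        if ORG_RESTRICTION_MARKER in err.get("message", ""):
            labels.append("org_oauth_restriction")
        elif err.get("type") == "FORBIDDEN":
            labels.append("forbidden")
        else:
            labels.append("other")
    return labels

def diagnose(header_value: str, graphql_body: str, required: Set[str]) -> str:
    """Separate a scope shortfall from an org-level block on the OAuth App."""
    missing = missing_scopes(header_value, required)
    if missing:
        return "missing_scopes:" + ",".join(sorted(missing))
    labels = classify_graphql_errors(graphql_body)
    if "org_oauth_restriction" in labels:
        # Scopes are sufficient; the token just belongs to an unapproved app.
        return "org_oauth_restriction"
    return labels[0] if labels else "ok"

# Constructed sample: the error body quoted earlier in the thread, shortened.
SAMPLE_ERROR_BODY = json.dumps({"data": {"addReaction": None}, "errors": [{
    "message": "Although you appear to have the correct authorization "
               "credentials,\nthe `babel` organization has enabled OAuth App "
               "access restrictions, meaning that data\naccess is limited.",
    "type": "FORBIDDEN", "path": ["addReaction"]}]})
```

With the header value from the thread ("notifications, repo, user") and the quoted error body, diagnose() returns "org_oauth_restriction", which matches the observation that the scopes are identical for both tokens and only the org-level approval differs.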

@ijm8710

ijm8710 commented Nov 5, 2018

Perhaps what I tested means absolutely nothing, but I noticed that just having public_repo made all these fails nonexistent and vice versa. Perhaps full repo access is omitting this subpermission. I’m prob focused on the wrong thing, but it just seemed a huge coincidence that that access related 1:1 with the issue itself

@rnystrom
Member

rnystrom commented Nov 5, 2018

Let me try manually changing the auth scope in GitHawk, logging in, and using that token.

Btw filed this on the GitHub API forums.

edit: GitHub marked it as spam? Trying to figure that out...

@ijm8710

ijm8710 commented Nov 5, 2018

^yeah this is what I did in my testing :) happy for you to mirror

@ijm8710

ijm8710 commented Nov 5, 2018

Not sure your link works in your link

@rnystrom
Member

rnystrom commented Nov 5, 2018

Confirmed that using public_repo and public_repo+repo in the loginUrl for scopes doesn't change anything. Still broken. Only PAT works.

@ijm8710 did you only get it working just by using a PAT? Not normal OAuth?

@ijm8710

ijm8710 commented Nov 5, 2018

Correct only PAT

@rnystrom
Member

rnystrom commented Nov 5, 2018

Ok, ya that was known for a while to work. It's normal auth that is the issue.

@ijm8710

ijm8710 commented Nov 5, 2018

Sorry ;) and yeah you might have to reset your link in the troubleshoot post
