403 client error on api.github.com #311
Comments
cc @tjcrone |
I've been getting this error a lot too in my testing of #310. I don't know what causes it. It seems to go away after a while. Can you try again later and let me know if it works? |
Thanks for the quick reply! So you're saying possibly an issue with github's API service? I have retried several times over the past 8 minutes with no change. I will wait longer and then retry. It only happens when I enter a valid SMS code. |
Yeah, I use the authenticator app. I don't know if that's related. For me it happens after testing it for a while so maybe the API is trying to anti-spam me. But that doesn't explain why it would happen to you, unless you are also using the API for other things, or have run doctr configure a few times already before this. |
Apparently rate limit messages raise 403 https://developer.github.com/v3/#rate-limiting. I'm not sure if the message in the response is being included in the exception from requests. So this could be the issue. |
This is also happening to me on my first |
Update: it worked eventually. I do think it's somehow a rate limiting issue, because I tried a different API call and got such a message. However, I don't understand how I exceeded the limit, since I got the error on my very first config attempt. |
The API limits are pretty low for unauthenticated calls. But I wouldn't think an authentication request itself would count as unauthenticated. I'll try to take a closer look and see if I can figure out what is going on. |
Here is what I did (on brand new repo):
Maybe this will reproduce it? |
I can reproduce getting 403 after waiting a while. This is the response But I can't currently reproduce the 403 on every login attempt thereafter. |
This is almost exactly the same as what I just tried (again). The difference is that, after finally enabling on travis, I got a slightly different error after the "What repo do you want to build the docs for" question:
Then after that, on all subsequent attempts, I got the 403 error. This is a frustrating situation. I was relying on doctr to deploy a website for a course that is starting in one week. (It worked like a charm last year!) Any suggestions for a workaround would be highly appreciated. |
Update: this morning it finally worked. |
OK, I was able to reproduce this again, by doing exactly what you did (created a new repo, tried doctr before enabling it, then enabling it). With some debug printing of the response json and headers, I can confirm that the problem is indeed a rate limit. GitHub allows 5000 authenticated requests per hour, so I'm not sure how it is being hit. My guess is that when you press the "sync account" button on Travis this sucks up all your requests. The requests reset every hour, so the best workaround for now if you get this is to just wait and try again. I'll work on printing better messaging about this from doctr's side. 401 just means your OTP timed out. The doctr code assumes the session is short enough that it can get the OTP once at the beginning and use it throughout. I'm not too worried about it if someone leaves doctr configure unfinished for a few minutes and it fails and they have to run it again (though we could make the error messaging better). |
Regarding why it happens when OTPs are used, I guess it's because we do a "fake" post when OTPs are used to force SMS codes to be sent (#203). |
401 errors are caused when the OTP expires from a long session. The way the code is currently organized, it isn't easy to re-ask for it, so for now we just print a message to try again. This generally only happens if the user does something in the middle of running doctr configure, such as going to enable Travis on the repo. If everything is already configured, a single session is generally short enough to use the same OTP code.

403 errors occur when the GitHub API rate limit is hit. This can happen when unauthenticated requests are used (i.e., --no-upload-key), as the limit is 60 global GitHub API requests per IP per hour. For authenticated requests, the limit is 5000 requests per hour, but this is shared across all oauth applications. It seems that the Travis "sync account" button consistently causes this limit to be hit if you have access to many repos (for instance, if you are a member of the conda-forge organization). So if a user goes to enable a repo on Travis, then runs doctr configure, they will hit this error.

doctr configure now prints an error message indicating that the rate limit has been hit and how long it will be until it resets. Unfortunately, there is not much else we can do here.

Fixes #311.
OK, I'm now sure that the Travis "sync account" button is the source of the trouble here. In particular, if you are a member of the conda-forge organization, then Travis has to look at over 5000 repositories (the rate limit is 5000 requests per user per hour, shared across all oauth applications). There's not much we can do about this, aside from improving the messaging. Unfortunately, I suspect Travis also monitors the rate limit and restarts the sync. So it is possible that even after the reset time, the limit will be hit again. I don't have access to 10000 repos, so I can't say for sure (all I could find was this old issue). Also, it looks like the request before the OTP code does count as an unauthenticated request as far as rate limits are concerned, at least according to the headers, but it doesn't actually prevent the final authentication with OTP if the remaining unauthenticated requests is 0. I've made a PR with improved messaging at #320. |
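The distinction this thread arrives at (403 from an exhausted rate limit versus 401 from an expired OTP) can be read off the response headers. The following is an added example, not doctr's code or the change in #320; the function names and sample header values are constructed for illustration, while the `X-RateLimit-*` and `X-GitHub-OTP` header names are the ones GitHub's REST API sends.

```python
import time

def header(headers, name, default=None):
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return default

def explain_github_error(status, headers, now=None):
    """Classify a failed GitHub API response as (kind, message)."""
    now = int(time.time() if now is None else now)
    if status == 401:
        # GitHub marks 2FA challenges with "X-GitHub-OTP: required; <method>".
        if header(headers, "X-GitHub-OTP", "").startswith("required"):
            return "otp", "Two-factor code missing or expired; rerun with a fresh code."
        return "auth", "Credentials rejected."
    if status == 403:
        remaining = header(headers, "X-RateLimit-Remaining")
        reset = header(headers, "X-RateLimit-Reset")  # epoch seconds (UTC)
        if remaining is not None and reset is not None and int(remaining) == 0:
            minutes, seconds = divmod(max(0, int(reset) - now), 60)
            limit = header(headers, "X-RateLimit-Limit", "unknown")
            return "rate_limit", (
                f"GitHub API rate limit ({limit} requests/hour) exhausted; "
                f"resets in {minutes} min {seconds} s."
            )
        return "forbidden", "Access denied for a reason other than rate limiting."
    return "other", f"Unexpected HTTP status {status}."

# Constructed sample responses (not captured from GitHub).
NOW = 1_500_000_000
RATE_LIMITED = {"X-RateLimit-Limit": "5000", "x-ratelimit-remaining": "0",
                "X-RateLimit-Reset": str(NOW + 1530)}
QUOTA_LEFT = {"X-RateLimit-Limit": "5000", "X-RateLimit-Remaining": "4200",
              "X-RateLimit-Reset": str(NOW + 1530)}
OTP_EXPIRED = {"X-GitHub-OTP": "required; sms"}

if __name__ == "__main__":
    for status, hdrs in [(403, RATE_LIMITED), (403, QUOTA_LEFT), (401, OTP_EXPIRED)]:
        print(status, *explain_github_error(status, hdrs, now=NOW))
```

With a `requests` response, the same function can be called as `explain_github_error(r.status_code, r.headers)`.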
Wow! Good sleuthing. Very interesting consequence to the size of conda forge. |
😱 yes this sounds right! Every time I have tried this, it has been right after doing travis sync account. And yes, I am a conda-forge member. cc @ocefpaf, who may be interested in this conda-forge related issue. |
In my own case, this happened to me after setting up https://github.com/drdoctr/travis-ci-com-testing on Travis to test #309. @rabernat @moorepants if you can comment on the messaging in #320 that would be great. |
I am also a member of conda-forge, so this all tracks for me too... |
I am trying to set up doctr on a new repo following the instructions in the readme. I have the latest version of doctr (1.7.3).
After I enter my authentication code, I get a 403 Client Error.
I am totally stuck on this issue! Any help would be greatly appreciated.