Vault responds with a 500 status code after receiving a 4xx during GitHub authentication #18579
Comments
@mladlow @tijmendj @hsimon-hashicorp Can I work on this one?
@aitumik Fine by me, I think that if you create a PR someone from HashiCorp will be asked to review.
Hi @aitumik, are you already working on this one or can I work on this one?
@mhdiiilham No, I am not currently working on it; you can work on it.
Hi, I wanted to check if this is still relevant to pick up but this seems resolved.
@Glyphack I just tried my steps on the latest build of Vault and I still get the same results as in my initial report. What steps did you take? I get a similar permission denied message if I don't
Describe the bug
When using Vault with GitHub authentication, invalid/expired/missing personal access tokens will result in Vault responding with a 500 status code. This is despite the response body (presumably forwarded from GitHub) containing a 4xx status code.
This behavior was originally found in a production Vault, but can be reproduced with a local development Vault. All steps and configuration refer to the latter for ease of reproduction.
Error 1, when the GITHUB_TOKEN is not set:
Error 2, when the GITHUB_TOKEN is incorrect:
To Reproduce
Steps to reproduce the behavior:
vault server -dev
vault auth enable github
vault write auth/github/config organization=ORGANIZATION
curl -v --request POST --data "{\"token\": \"$GITHUB_TOKEN\"}" localhost:8200/v1/auth/github/login
GITHUB_TOKEN environment variable to any value that's not the empty string or the actual PAT
Expected behavior
Vault would return a 401 status code in the above responses rather than 500
Environment:
vault status: 1.13.0-dev1 (originally found on 1.8.3)
vault version: Vault v1.13.0-dev1 ('159b60a181bae2d54c666ad09ca607988e4bf5c5'), built 2022-12-23T17:14:41Z
Vault server configuration file(s):
None, clean install
Additional context
None so far
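The behavior the report asks for, as an added Go example that is neither Vault's code nor part of the original report: a login endpoint passes a provider's 401/403 through to the caller and reserves a 5xx for genuine provider failures, so failed logins stay visible as 4xx in access logs and alerting. The names `clientStatus`, `loginHandler`, `fakeProvider` and `probe`, the token values, and the status mapping itself are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// clientStatus maps the provider's HTTP status to the login response status (assumed mapping).
func clientStatus(upstream int) int {
	switch {
	case upstream >= 200 && upstream < 300:
		return http.StatusOK
	case upstream == http.StatusUnauthorized || upstream == http.StatusForbidden:
		return upstream // the provider rejected the credential: a caller error, not a server error
	}
	return http.StatusBadGateway // anything else is treated as a provider-side failure
}

// loginHandler is a hypothetical login endpoint; verify stands in for the provider call.
func loginHandler(verify func(token string) int) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var body struct{ Token string `json:"token"` }
		if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
			http.Error(w, "malformed request body", http.StatusBadRequest)
			return
		}
		w.WriteHeader(clientStatus(verify(body.Token)))
	}
}

// fakeProvider is a constructed stand-in for the provider: only "good-token" is accepted.
func fakeProvider(token string) int {
	if token == "good-token" {
		return http.StatusOK
	}
	return http.StatusUnauthorized
}

// probe sends the same JSON body as the curl step above and returns the status code.
func probe(token string) int {
	rec := httptest.NewRecorder()
	body := strings.NewReader(fmt.Sprintf(`{"token": %q}`, token))
	loginHandler(fakeProvider)(rec, httptest.NewRequest(http.MethodPost, "/v1/auth/github/login", body))
	return rec.Code
}

func main() { fmt.Println(probe(""), probe("wrong-token"), probe("good-token")) }
```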