This issue only affects a small slice of users, but I figured I should log it anyway. If you keep your HEROKU_API_KEY in ENV, you cannot switch accounts using the CLI, and heroku auth:whoami doesn't work.
@zeke - I was aware. I think maybe it should work as it does though. whoami ends up being weird for sure, but I don't think login/logout changing the environment would be a good idea. It seems like it would be confusing/problematic anyway.
This one was driving me crazy for the last 30 minutes.
I just wasted an hour scratching my head due to this issue.
Of course, I had HEROKU_API_KEY set in my ENV long back which was now invalid.
But, I couldn't find any documentation on this anywhere in Heroku docs or help forums. Only way I found this issue was after I had tracked the issue down to HEROKU_API_KEY and searched for it in Issues.
I understand setting HEROKU_API_KEY in ENV may not be a supported/documented feature and we're on our own if we do.
But, since auth:login skips asking for credentials when ENV['HEROKU_API_KEY'] is set, at least a warning message indicating the same would help avoid such confusion.
Wow, thank you. Just spent an hour on that too.
👍 It was not apparent that it was happening because of env variable being set. Wasted quite some time to figure it out. I wish I had seen this issue then.
Would logging something like "Using HEROKU_API_KEY" before returning here be sufficient?
Yeah, that would be much better than just silently using it.
Patched in #1052 , but I don't know how applicable it is to our user base as a whole so ¯\(ツ)/¯
I also suffered this. I had the HEROKU_API_KEY in my ENV, which I think was invalid after I changed my Heroku password recently (which regenerates your API key).
Having reset my Heroku password after the recent Heartbleed OpenSSL Vulnerability issue, I too have spent the last hour trying to figure this out. I had to manually $ heroku config:set HEROKU_API_KEY=*my_api_key*
Just thought I'd mention it here in case others are having the same issue at the moment.
$ heroku config:set HEROKU_API_KEY=*my_api_key*
This thing had me without access to my (production) heroku apps for a long while. I didn't realize that HEROKU_API_KEY was an actual, official, (albeit hidden) thing. I just had used that particular environment variable at one time for a python app that utilizes the heroku api. So when the API Key got changed, and I had an ENV var sitting around, everything was screwed up and broken, with no clues what was wrong.
>: heroku version
heroku-toolbelt/3.9.1 (x86_64-darwin10.8.0) ruby/1.9.3
>: heroku plugins
You have no installed plugins.
>: ls -al .netrc
ls: .netrc: No such file or directory
>: heroku logout
Local credentials cleared.
>: heroku login
>: heroku apps
>: heroku keys
The above was totally mind boggling
Agreed. When/where do you think we could best warn/notify about the config var usage to help with this? In login maybe? We probably shouldn't notify all the time, so narrowing it to the right time/place to be relevant would be good. Thanks!
Yes I think at login time would be most useful, although any "authentication failure" where its a problem with the HEROKU_API_KEY may be useful as well. As soon as I got an "Authentication failure" my first action was to re-authenticate with a logout/login. But not getting the opportunity to re-enter my login information (email/password) and being told "Authentication successful" without it actually being successful or even knowing what it was using to authenticate (I assumed it was a file or value saved somewhere) was very frustrating.
#1052 outputs it with every command, IIRC, but could likely be modified to only output at certain times
I added a warning to the documentation: https://devcenter.heroku.com/articles/authentication#api-token-storage
I also added a stderr message that will say HEROKU_API_KEY was used if there is an authentication failure