Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Github PR enterprise sign in not work after putting up PAT #4804

Closed
luyu12 opened this issue May 3, 2023 · 10 comments
Closed

Github PR enterprise sign in not work after putting up PAT #4804

luyu12 opened this issue May 3, 2023 · 10 comments
Labels
info-needed Issue requires more information from poster

Comments

@luyu12
Copy link

luyu12 commented May 3, 2023

Github PR enterprise sign in not work after putting up PAT

  • Extension version: 0.62.0
  • VSCode Version: 1.77.3
  • OS: MAC OS 13.3.1

Steps to Reproduce:

1.Click the profile icon "sign in with <** enterprise github uri> to use github pull reuqest" on the bottom left
2.add PAT in github with required permission
3.go back to vscode and paste the github in the prompt, hit enter.
4. nothing happened. there's no message indicating whether the action succeeded or failed and what's the next step.
@alexr00
Copy link
Member

alexr00 commented May 12, 2023

Did the "GitHub: Pull Requests" view show pull requests after you signed in?

@alexr00 alexr00 added the info-needed Issue requires more information from poster label May 12, 2023
@burhbayr
Copy link

burhbayr commented May 24, 2023
edited by alexr00
Loading

Have the same issue. Getting this output:

myfirm-enterprise = link to the company enterprise

2023-05-24 14:34:49.230 [info] Getting sessions for read:user,repo,user:email,workflow...
2023-05-24 14:34:49.230 [info] Got 0 sessions for read:user,repo,user:email,workflow...
2023-05-24 14:34:51.157 [info] Logging in for the following scopes: read:user repo user:email workflow
2023-05-24 14:34:51.158 [info] Trying device code flow... (read:user repo user:email workflow)
2023-05-24 14:34:51.167 [error] request to https://myfirm-enterprise/login/device/code?client_id=01ab8ac9400c4e429b23&scope=read:user%20repo%20user:email%20workflow failed, reason: unable to verify the first certificate
2023-05-24 14:34:53.477 [info] Trying to retrieve PAT... (read:user repo user:email workflow)
2023-05-24 14:34:58.441 [info] Getting token scopes...
2023-05-24 14:34:58.457 [error] request to https://myfirm-enterprise/api/v3/ failed, reason: unable to verify the first certificate
2023-05-24 14:34:58.458 [error] network error
2023-05-24 14:34:58.458 [error] Error: No auth flow succeeded.
	at t.GitHubServer.login (c:\Users\burhbayr\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\github-authentication\dist\extension.js:2:594177)
	at process.processTicksAndRejections (node:internal/process/task_queues:96:5)
	at async t.GitHubAuthenticationProvider.createSession (c:\Users\burhbayr\AppData\Local\Programs\Microsoft VS Code\resources\app\extensions\github-authentication\dist\extension.js:2:590279)
2023-05-24 14:36:12.871 [info] Reading sessions from keychain...
2023-05-24 14:36:12.871 [info] Getting sessions for all scopes...

I can enter anything when asked for the PAT certifcate it will always show the same error.

Vscode Version: 1.78.2
OS: Windows 10
Extension Version: 0.64

@alexr00
Copy link
Member

alexr00 commented May 24, 2023

@burhbayr I think this means that your organization has misconfigured their GitHub Enterprise server: https://stackoverflow.com/questions/31673587/error-unable-to-verify-the-first-certificate-in-nodejs

@TylerLeonhardt FYI in case there is something we can do in GitHub Enterprise auth to work around this.

@TylerLeonhardt
Copy link
Member

@chrmarti would this be a proxy thing?

@chrmarti
Copy link
Contributor

@burhbayr Could you install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output of F1 > Network Proxy Test: Test Connection with "https://myfirm-enterprise/" as URL when prompted in VS Code?

If you cannot install the extension through the Extensions viewlet in VS Code, you can use the Download Extension link on the above linked page and then install the downloaded VSIX with F1 > Extensions: Install VSIX....

@burhbayr
Copy link

burhbayr commented May 25, 2023
edited
Loading

@chrmarti I am getting this output, but unfortunately i don´t know how to intepret this.

Note: Make sure to replace all sensitive information with dummy values before sharing this output.

VS Code 1.78.2 (b3e4e68a0bc097f0ae7907b217c1119af9e03435)
Network Proxy Test 0.0.7
win32 10.0.19045 x64

Settings:

  • http.proxy:
  • http.proxyAuthorization: null
  • http.proxyStrictSSL: true
  • http.proxySupport: override
  • http.systemCertificates: true

Environment variables:

Sending GET request to https://myfirm-enterprise/...
vscode-proxy-agent: DIRECT
Received error: unable to verify the first certificate (UNABLE_TO_VERIFY_LEAF_SIGNATURE)
Retrying while ignoring certificate issues to collect information on the certificate chain.

Sending GET request to https://myfirm-enterprise/ (allowing unauthorized)...
vscode-proxy-agent: DIRECT
Received response:

  • Status: 302 Found
  • Location: https://myfirm-enterprise/login
    Certificate chain:
  • Subject: myfirm-enterprise (Myfirm)
    Subject alt: DNS:myfirm-enterprise, DNS:assets.myfirm-enterprise, DNS:avatars.myfirm-enterprise, DNS:codeload.myfirm-enterprise, DNS:containers.myfirm-enterprise, DNS:docker.myfirm-enterprise, DNS:gist.myfirm-enterprise, DNS:maven.myfirm-enterprise, DNS:media.myfirm-enterprise, DNS:npm.myfirm-enterprise, DNS:nuget.myfirm-enterprise, DNS:pages.myfirm-enterprise, DNS:raw.myfirm-enterprise, DNS:render.myfirm-enterprise, DNS:rubygems.myfirm-enterprise, DNS:uploads.myfirm-enterprise
    Validity: Apr 14 13:30:27 2023 GMT - Jul 12 13:30:27 2025 GMT
    Fingerprint: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
    Issuer certificate 'MyfirmIssuing2017' not in certificate chain of the server.

Last certificate not verified by OS root certificates. This might indicate an issue with the root certificates registered in your OS:

  • Make sure that the root certificate for the certificate chain is registered as such in the OS. Use F1 > Network Proxy Test: Show OS Certificates to see the list loaded by VS Code.
  • Also make sure that your proxy and server return the complete certificate chain (except possibly for the root certificate).

Fingerprint has a valid value.

@chrmarti
Copy link
Contributor

chrmarti commented May 25, 2023
edited
Loading

It looks like 'MyfirmIssuing2017' is a CA certificate used for signing your server certificate. Make sure the 'MyfirmIssuing2017' certificate is part of the trusted root certificates in the OS. You can use F1 > Network Proxy Test: Show OS Certificates to see the list of certificates loaded by VS Code.

@burhbayr
Copy link

I will try to add this.
What i am concerned is why git graph and Fork is working without problems, but with this extension we have problems.
Would be nice to know what they are doing differently in their authentication.

@burhbayr
Copy link

Needed to copy the 'MyfirmIssuing2017 certificate in certmgr from Intermediate Certification Authorities to Trusted Root Authorities. After a restart from VSCode i could login into the github Enterprise!
Thanks for the help.

@chrmarti
Copy link
Contributor

I will try to add this.
What i am concerned is why git graph and Fork is working without problems, but with this extension we have problems.
Would be nice to know what they are doing differently in their authentication.

They might consider the Intermediate Certification Authorities when trying to verify the last certificate in the certificate chain returned from the server.

This seems to be a recurring pattern with intranet CAs. Continuing in microsoft/vscode#177139. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
info-needed Issue requires more information from poster
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@TylerLeonhardt @chrmarti @luyu12 @alexr00 @burhbayr