Troubleshooting guide for GitHub authentication flow #2333

Closed
alanna opened this issue Aug 15, 2019 · 20 comments

Contributor

@alanna alanna commented Aug 15, 2019

We get a lot of support requests related to the GitHub authentication flow, and I struggle because I don't know how to help people troubleshoot.

Would it be possible for @znarf or @xdamman or someone who understands how it works to give me the info here so we can write up a guide for the docs?

Here are the common issues people report:

  • Repository missing from the list
  • Showing personal repos but they need an organisation's repo
  • Repo not showing because it has less than 100 stars but they are confused about why it's missing
  • Don't want to or can't grant unnecessary permissions

The organisation I want to connect it to is fully open, however other orgs I'm a member of do not want to allow the required permissions, and indeed shouldn't have to because they are unrelated to the organization in question. I can't seem to only allow the permissions for the relevant org. Read and write has to be granted to all repos in all orgs that allow third party applications.

Currently whenever someone can't use the GitHub flow I just ask them to create the Collective and manually apply to OSC. But this is not great because it's sometimes difficult for me to verify they are a legit core contributor this way. It's possible someone could start a Collective for a repo they don't have rights to. So it's better if we can get the GitHub flow working for them.

Contributor

@piamancini piamancini commented Aug 19, 2019

Repository missing from the list

If you can't find your repo on the list, check this:

  • Does the repo you are looking for have +100 stars?

  • Are you the owner of the repo with the profile you authenticated with? If the repo is under a different profile or an organization profile you won't see it here. You'll need to revoke access from your GitHub settings and re-authenticate with the right profile. If it's under an organization, make sure you give us access to your organizations (scroll down to see the check mark for it).

If you can't give us access to the organization who owns the repo, you won't see it in the list. Please contact support if this is the case.

Also useful for:

Showing personal repos but they need an organisation's repo

Don't want to or can't grant unnecessary permissions

We agree, the permissions are overly generous, we just need to read info. Unfortunately, there's not much we can do now since this is the only scope we can use to read the info we need. We've discussed this at length here: #355

If you have any suggestions on how to handle this better, feel free to post on that issue, start a new one or send us an email at support@opencollective.com

Member

@Betree Betree commented Aug 19, 2019

If you need to test the flow, the best way is to go to https://staging.opencollective.com/opensource/apply where you'll be able to add any repositories safely.

The only blocker that you may encounter is that you need to have access to a repository with 100+ stars (the usual limitation) to be able to add it. If that's a problem, we can easily disable this requirement for staging.

@alanna alanna assigned contraexemplo and unassigned znarf, Betree and alanna Aug 26, 2019

@contraexemplo contraexemplo commented Aug 29, 2019

@Betree Asking before I break anything: the only repositories with 100+ stars I have access to are from Open Collective's organization. Would that be a problem to test the flow? Or would you rather disable that requirement?

Member

@Betree Betree commented Aug 29, 2019

@contraexemplo Feel free to test with Open Collective repos, as long as it's on staging that's fine. One problem you may face is that other team members may already have done the same on staging, thus you may get an error like "this collective already exist".

If you face this issue, just tell me and I'll prioritize the ability to disable the 100 stars requirement on staging.

@contraexemplo contraexemplo commented Aug 29, 2019

@Betree I can't go much further after picking a repository because I'm not an admin on eligible repositories or organizations. Will disabling that 100 stars requirement allow me to continue with any other repository I may have on my account?

Member

@Betree Betree commented Aug 29, 2019

@contraexemplo Yes. I'm going to put that on my TODO to unblock you

@contraexemplo contraexemplo commented Aug 30, 2019

@Betree Just to check: did you already disable the filter? Because I still can't find repositories with less than 100 stars on the list to apply. I tried to reconnect my GitHub account to see if anything would change but... that doesn't seem to do anything. It looks like it sends an API request but on my settings, it still shows "GitHub account contraexemplo connected on 8/29/19" (yesterday).

Additional info: I revoked read authorization from my GitHub account and it allowed me to reconnect. However, I still can't find my other repos to pick from that list and it still shows "GitHub account contraexemplo connected on 8/29/19".

Member

@Betree Betree commented Aug 30, 2019

@contraexemplo Not yet but the PRs are ready (opencollective/opencollective-api#2481 + opencollective/opencollective-frontend#2441). I'll try to get this merged before the weekend

@contraexemplo contraexemplo commented Aug 30, 2019

Okay! Thank you @Betree

Member

@Betree Betree commented Sep 2, 2019

@contraexemplo Sorry I haven't been able to merge in time, will be done today

@contraexemplo contraexemplo commented Sep 2, 2019

@Betree No worries!

Member

@Betree Betree commented Sep 2, 2019

@contraexemplo It's merged, https://staging.opencollective.com/opensource/apply should now display all your repos

@contraexemplo contraexemplo commented Sep 2, 2019

@Betree Aaaand it's working! Thank you!

@contraexemplo contraexemplo commented Sep 6, 2019

@Betree What's the recommended procedure to change which GitHub account is connected to your profile on Open Collective? Revoking access from GitHub?

Member

@Betree Betree commented Sep 13, 2019

@contraexemplo Sorry for the late reply! I would indeed revoke access from GitHub yes.

@contraexemplo contraexemplo commented Oct 29, 2019

@Betree I'm revisiting this issue this week and I have a question: when I go through the authorization process on GitHub, our organization (opencollective) is followed by a green tick ("This organization allows the application to access organization data as described in the permissions above."). Is this related to the way an organization on GitHub manages their third-party application access policy or is this something else?

Additionally, with the organization I created just to test those functionalities, my policy is access restricted; I have to click on Grant to authorize the access. On another organization, I have to click Request (because of my role in the organization, I imagine?).

Member

@Betree Betree commented Oct 29, 2019

> when I go through the authorization process on GitHub, our organization (opencollective) is followed by a green tick ("This organization allows the application to access organization data as described in the permissions above."). Is this related to the way an organization on GitHub manages their third-party application access policy or is this something else?

Yes it is. We already granted the permissions to the Open Collective GitHub app for our organization, that's why there's a green tick.

> Additionally, with the organization I created just to test those functionalities, my policy is access restricted; I have to click on Grant to authorize the access. On another organization, I have to click Request (because of my role in the organization, I imagine?).

Seems correct.

@contraexemplo contraexemplo commented Oct 29, 2019

Great, thanks!

@contraexemplo contraexemplo commented Nov 4, 2019

Finished with @alanna's help, published here: https://docs.opencollective.com/help/collectives/osc-verification

Member

@Betree Betree commented Nov 13, 2019

@contraexemplo looking great!
