gocd-contrib / github-oauth-authorization-plugin Goto Github PK

View Code? Open in Web Editor NEW

13.0 8.0 19.0 961 KB

License: Apache License 2.0

Java 95.46% HTML 4.54%

github authorization plugin gocd

github-oauth-authorization-plugin's People

Contributors

Stargazers

Watchers

Forkers

bdpiprava varshavaradarajan chringwer leprechaun yikaus rafaeldff adityasood chakradeb ganeshspatil aveshagarwal gongdo kapopken rathourarv lobsterdore simon-hc isabella232 jamesmcnee

github-oauth-authorization-plugin's Issues

Update installation guide for plugin

Plugin installation guide need to be updated(with screenshots) with latest release of plugin.

Instructions on enable plugin debug

Currently configuring github oauth plugin with no luck, plugin able to configure on UI , however seems not triggering authenticate during login, additionally not able to see useful debug log to tracking down the issue , tried adding

plugin.cd.go.authorization.github.log.level=debug on docker ENV

<logger name="cd.go.authorization.github" level="DEBUG"> into logback-include.xml

None of above able to show debug log of plugin .

Can we add doc to describe adding debug log as well trouble shooting?

Kevin

Redirected with incorrect `client_id` resulting in GitHub 404 error page

I am attempting to configure this plugin in a new GoCD server. I've not been able to install/configure this plugin correctly.

Actual behaviour

When I go to my GoCD home page and press the "Login using GitHub OAuth authorization plugin" button I am redirected to this URL:

https://github.com/login/oauth/authorize?client_id={long-string-that-isn't-the-client-id}&redirect_uri={correct-url-encoded-callback-url}scope=user%3Aemail

This displays GitHub's 404 error page.

The only information that appear in the logs, is in plugin-cd.go.authorization.github.log:

2019-10-10 12:27:00,325 DEBUG [qtp2061494383-41] GitHubPlugin:46 - [Get Authorization Server URL] Getting authorization server url from auth config.

The long-string-that-isn't-the-client-id is url-encoded, has the prefix AES: and looks like it could be an encrypted representation of the client_id. I don't know if or how I could confirm that.

If I manually edit the url in the browser and replace the long-string-that-isn't-the-client-id with the actual, plain-text client_id I am redirected to Github's Authorization page "App-X want to access to access your ... account", which is the desired result.

Expected behaviour

When I go to my GoCD home page and press the "Login using GitHub OAuth authorization plugin" button I expect to be redirected to Github's Authorization page "App-X want to access to access your ... account".

How to reproduce

Details from https://{server-url}/go/about:

Go Server Version: 19.9.0 (10194-34fca8f7682a65ef5fbd6726d51fd52b0c041bc6)
JVM version: 12.0.1
OS Information: Linux 4.15.0-50-generic
Usable space in artifacts repository: 19.81 GB
Database schema version: 1909001
Pipelines Count: 0

More details:
OS: Ubuntu 18.04 LTS. Fresh install, all available updated have been installed.
Apache installed as:

sudo apt install apache2
sudo a2enmod proxy 
sudo a2enmod proxy_http

Lets-encrypt certificates created and installed using certbot described here:
https://certbot.eff.org/lets-encrypt/ubuntubionic-apache

GO-Server, GoCD Server Version: 19.9.0. Installed from ubuntu packages as described here: https://docs.gocd.org/19.9.0/installation/install/server/linux.html

Reverse proxy setup as defined here https://docs.gocd.org/19.9.0/installation/configure-reverse-proxy.html

Installed github-oauth-authorization-plugin-3.0.2-57.jar into /var/lib/go-server/plugins/external

The plugin was configured using instructions here: https://github.com/gocd-contrib/github-oauth-authorization-plugin/blob/master/INSTALL.md

A dedicated github user was setup to own both the OAuth application in GitHub and to provide the Personal Access Token (rather than having the GitHub organisation own the OAuth application).

Other info:

The only other authentication method enabled is a file-based password, with a single user.
No agents or pilelines have yet been configured.

Many thanks in advance.

Plugin styling is coupled to GoCD server

Some of the styling here assumes things from the GoCD server, e.g font-family: 'FontAwesome' which has broken with FontAwesome upgrade. To review how widespread this issue is across plugins and decide whether there needs to be some backward compatibility somehow.

GitHub Enterprise integration broken

Although the API space in github enterprise is /api/v3 which needs to be present in the configured github URL, for the login flow the /api/v3 part needs to be omitted.

Blocks entire GoCD server when Github is down/slow

When Github is down / unresponsive, it looks like the Github OAuth flow is blocking
the GoCD webserver, causing it to not respond to any more requests.
Looking at the threaddump, it seems like all webserver threads are hanging,
waiting for Github to respond.

The server also didn't respond to SIGTERM anymore. After killing it and bringing it back up, it
works as expected again.

Threaddump attached. Please let me know if you need more info.

Versions

os: debian stretch
gocd: 18.5.0
github-oauth-authorization-plugin: 2.0.0-12
other plugins: github-pr-poller 1.3.4, github-pr-status: 1.4

gocd-threaddump.txt.gz

http://fastthread.io/my-thread-report.jsp?p=c2hhcmVkLzIwMTgvMDYvNi8tLXgtLTEwLTI5LTUy

Instructions to configure plugin via automation

I want to be able to create the required entries in the cruise-config.xml file. The entries created via the manual process have encrypted the sensitive data. How can I emulate that?

It should choose the primary email, not the first one

If the user has multiple email addresses configured in github with the default one not being the first, gocd will select the first one, while the default email would be a more useful choice.

Deprecated Github Auth Mechanism

Hey there!

It looks like Github has announced that they will no longer support passing clientId() and clientSecret() as query parameters and instead recommends they be passed in as a header.

https://developer.github.com/changes/2019-11-05-deprecated-passwords-and-authorizations-api/#authenticating-using-query-parameters

Would it be possible to update the following function to reflect this change?
https://github.com/gocd-contrib/github-oauth-authorization-plugin/blob/master/src/main/java/cd/go/authorization/github/executors/FetchAccessTokenRequestExecutor.java#L86

404 using callback URL

I have the following for a callback URL:

https://my.server.domain.com:8154/go/plugin/cd.go.authorization.github/authenticate

After a user auths with github, it tries to redirect them to: (with a real code)

https://my.server.domain.com:8154/go/plugin/cd.go.authorization.github/authenticate?code=abcdef

That results in a 404.

Release 3.3.0-146 possibly affected by CVE-2020-36518

I have run Blackduck scan on the release 3.3.0-146 and it highlighted 1 security risk and 2 operational risks.

Security Risk:

CVE-2020-36518 affects jackson-databind up to version 2.13.2.1

Will it be possible to work on a patch which includes jackson-databind 2.13.2.2 ?

Operational Risks:

The release also uses jar org.jetbrains.annotation version 13.0. The latest version for this is 23.0 Is there any specific reason to use the much older version.
The scans also shows that jackson-core 2.13.1 jar is running 1 version behind.

I request you to consider upgrading these two dependencies.

Document how to use plain values in cruise-config.xml

Hi 👋

We're trying to have our GoCD server configured in code, ideally with a templated cruise-config.xml. This means we cannot use the encryption key generated by GoCD.
We are templating cruise-config like this:

<property>
  <key>ClientId</key>
  <value>{{ env "GOCD_GITHUB_OAUTH_CLIENT_ID" }}</value>
</property>

but as far as I can tell, the plugin assumes the value is encrypted and fails to start.

I am aware that we would probably be able to pin the key, but I would prefer if we could set these values plainly in the config.

Thank you.

Login page redirects to github.com when configured for GitHub Enterprise

Trying to enable login with GitHub enterprise, followed the instructions and test connection validates correctly when the URL is set to http(s):///api/v3/. When I attempt to login in by clicking on the github logo. I am redirected to github.com to login instead of my GitHub enterprise login page

Once install the plugin, doesn't show GitHub login page

I have installed GoCD in Ubuntu 22.04 with https://docs.gocd.org/current/installation/install/agent/linux.html
After confirmed the go-server is up and running, and copy the github-oauth-authorization plugin into /var/lib/go-server/plugin/external and restarted the go-server (https://github.com/gocd-contrib/github-oauth-authorization-plugin/blob/master/INSTALL.md)

root@at09-02-wp:/var/lib/go-server/plugins/external# ls -al
total 5804
drwxr-xr-x 2 go   go      4096 Oct 21 16:43 .
drwxr-xr-x 4 go   go      4096 Oct 21 14:03 ..
-rw-r--r-- 1 root root 5931421 Oct 21 16:43 github-oauth-authorization-plugin-3.3.1-213.jar
root@at09-02-wp:/var/lib/go-server/plugins/external#

Once I followed the third step(https://github.com/gocd-contrib/github-oauth-authorization-plugin/blob/master/INSTALL.md#create-authorization-configuration), The web browser redirected to https://github.com/example/login/oauth/authorize?client_id=11515af105f2a5c3bb02&redirect_uri=http%3A%2F%2Fat09-02-wp.example.com%3A8153%2Fgo%2Fplugin%2Fcd.go.authorization.github%2Fauthenticate&scope=user%3Aemail when accessing the same GoCD server in order to proceed to the 4th step, the log shows that

root@at09-02-wp:/var/lib/go-server/plugins/external# tail -f /var/log/go-server/plugin-cd.go.authorization.github.log
2022-10-21 14:28:01,159 DEBUG [qtp363376992-41] GitHubPlugin:46 - [Get Authorization Server URL] Getting authorization server url from auth config.
2022-10-21 14:30:07,302 WARN  [Thread-79] GitHubPlugin:97 - Request go.plugin-settings.get-configuration is not supported by plugin.
2022-10-21 14:35:41,201 DEBUG [qtp308485422-42] GitHubPlugin:46 - [Get Authorization Server URL] Getting authorization server url from auth config.

and the web browser is stuck at the GitHub's 404 page with above redirected URL.

I think it used Client ID as putting in the third step, but it doesn't pop the login page. This is what I set in GitHub OAuth:

Homepage URL: http://at09-02-wp.example.com:8153/go/pipelines
Authorization callback URL: https://at09-02-wp.example.com:8153/go/plugin/cd.go.authorization.github/authenticate

and from the 3rd step, I used the GitHub Enterprise with all fields.

GitHubEnterpriseUrl: https://github.com/example
ClientID: from GitHub OAuth
ClientSecret: from GitHub OAuth
Private Access Token: from GitHub OAuth
AllowedOrganizations: example

I am not sure if it's the known bug which it doesn't support GitHub Enterprise? Can you give a clue what's wrong with the config?

Support user search functionality in keeping it compatible with github.oauth.login

The plugin doesn't works on authentification

I have an error when i must auth with Github plugin 2.2.0-21 and GoCD version: 19.1.0 (8469-3885582184c6f7c4bbbeb94239e5dba6f5f772f4).
I use a personal token without filtring teams (just for my tests)

2019-02-05 14:34:04,547 ERROR [qtp665372494-30] p.c.g.a.g.c.g.a.g.GitHubPlugin:128 [plugin-cd.go.authorization.github] - Error while executing request go.cd.authorization.fetch-access-token
java.lang.IllegalArgumentException: Get Access Token] Expecting `code` in request params, but not received.
	at cd.go.authorization.github.executors.FetchAccessTokenRequestExecutor.execute(FetchAccessTokenRequestExecutor.java:54)
	at cd.go.authorization.github.requests.Request.execute(Request.java:47)
	at cd.go.authorization.github.GitHubPlugin.handle(GitHubPlugin.java:69)
	at com.thoughtworks.go.plugin.infra.DefaultPluginManager.lambda$submitTo$0(DefaultPluginManager.java:143)
	at com.thoughtworks.go.plugin.infra.FelixGoPluginOSGiFramework.executeActionOnTheService(FelixGoPluginOSGiFramework.java:225)
	at com.thoughtworks.go.plugin.infra.FelixGoPluginOSGiFramework.doOn(FelixGoPluginOSGiFramework.java:202)
	at com.thoughtworks.go.plugin.infra.DefaultPluginManager.submitTo(DefaultPluginManager.java:140)
	at com.thoughtworks.go.plugin.access.PluginRequestHelper.submitRequest(PluginRequestHelper.java:48)
	at com.thoughtworks.go.plugin.access.authorization.AuthorizationExtension.fetchAccessToken(AuthorizationExtension.java:187)
	at com.thoughtworks.go.server.newsecurity.providers.WebBasedPluginAuthenticationProvider.fetchAccessToken(WebBasedPluginAuthenticationProvider.java:104)
	at com.thoughtworks.go.server.newsecurity.controllers.AuthenticationController.authenticateWithWebBasedPlugin(AuthenticationController.java:155)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:181)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:440)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:428)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650)
	at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
	at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
	at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:381)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.web.FlashLoadingFilter.doFilterInternal(FlashLoadingFilter.java:39)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.newsecurity.filters.DenyIfRefererIsNotFilesFilter.doFilterInternal(DenyIfRefererIsNotFilesFilter.java:53)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.newsecurity.filters.AllowAllAccessFilter.doFilterInternal(AllowAllAccessFilter.java:34)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.newsecurity.filters.AbstractUserEnabledCheckFilter.doFilterInternal(AbstractUserEnabledCheckFilter.java:67)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at com.thoughtworks.go.server.newsecurity.filters.ThreadLocalUserFilter.doFilterInternal(ThreadLocalUserFilter.java:42)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.newsecurity.filters.AssumeAnonymousUserFilter.doFilterInternal(AssumeAnonymousUserFilter.java:65)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:208)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)
	at com.thoughtworks.go.server.newsecurity.filters.AlwaysCreateSessionFilter.doFilterInternal(AlwaysCreateSessionFilter.java:41)
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:185)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at com.thoughtworks.go.server.newsecurity.filters.ModeAwareFilter.doFilter(ModeAwareFilter.java:80)
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
	at com.thoughtworks.go.server.newsecurity.filterchains.MainFilterChain.doFilter(MainFilterChain.java:76)
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at com.thoughtworks.go.server.web.BackupFilter.doFilter(BackupFilter.java:81)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637)
	at com.thoughtworks.go.server.web.DefaultHeadersFilter.doFilter(DefaultHeadersFilter.java:50)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1629)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:527)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
	at org.eclipse.jetty.server.Server.handle(Server.java:530)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626)
	at java.lang.Thread.run(Thread.java:748)

An idea ?

When are changed emails synchronized into gocd?

Given that a user has an account in github and logged in to gocd and then changes their email address in github after that, when is this change synchronized to GoCD?

If this is in any way influenced by github-oauth-authorization-plugin, this should be documented in the README

Request go.plugin-settings.get-configuration is not supported by plugin

I have installed the extension according to the instructions in INSTALL.md. After saving the config for the auth plugin I get this error:

There was a problem fetching Authorization Configurations

Refresh [this page](javascript: window.location.reload()) in some time, and if the problem persists, check the server logs.

The logs show:

jvm 1    | 2022-06-15 15:56:26,054 INFO  [Thread-78] DefaultPluginJarChangeListener:67 - Plugin load starting: /go-working-dir/plugins/external/githubauth.jar
jvm 1    | 2022-06-15 15:56:26,356  WARN [Thread-78] p.c.g.a.g.c.g.a.g.GitHubPlugin:97 [plugin-cd.go.authorization.github] - Request go.plugin-settings.get-configuration is not supported by plugin.
jvm 1    | 2022-06-15 15:56:26,357 WARN  [Thread-78] PluginSettingsMetadataLoader:63 - Failed to fetch plugin settings metadata for plugin cd.go.authorization.github. Maybe the plugin does not implement plugin settings and view?
jvm 1    | 2022-06-15 15:56:26,357 WARN  [Thread-78] PluginSettingsMetadataLoader:64 - Plugin: cd.go.authorization.github - Metadata load info: [{extension='authorization', configuration='null', view='null', error='The plugin sent a null response'}]
jvm 1    | 2022-06-15 15:56:26,358 WARN  [Thread-78] PluginSettingsMetadataLoader:65 - Not all plugins are required to implement the request above. This error may be safe to ignore.
jvm 1    | 2022-06-15 15:56:26,358 INFO  [Thread-78] DefaultPluginJarChangeListener:74 - Plugin load finished: /go-working-dir/plugins/external/githubauth.jar

And when I try to login I get:

jvm 1    | 2022-06-15 16:00:37,273 ERROR [qtp856469860-24] p.c.g.a.g.c.g.a.g.GitHubPlugin:127 [plugin-cd.go.authorization.github] - Error while executing request go.cd.authorization.fetch-access-token
jvm 1    | java.lang.IllegalArgumentException: Get Access Token] Expecting `code` in request params, but not received.
jvm 1    | 	at cd.go.authorization.github.executors.FetchAccessTokenRequestExecutor.execute(FetchAccessTokenRequestExecutor.java:51)
jvm 1    | 	at cd.go.authorization.github.requests.Request.execute(Request.java:47)
jvm 1    | 	at cd.go.authorization.github.GitHubPlugin.handle(GitHubPlugin.java:69)

I'm running the official docker image gocd/gocd-server:v22.1.0 and installed the plugin using -e GOCD_PLUGIN_INSTALL_githubauth=https://github.com/gocd-contrib/github-oauth-authorization-plugin/releases/download/v3.3.0-172/github-oauth-authorization-plugin-3.3.0-172.jar

Deprecated Teams API Endpoints

Hi,

I'm assigning roles by github teams with this plugin and seems that this plugin is being currently affected by a current brownout.

See https://github.blog/changelog/2022-02-22-sunset-notice-deprecated-teams-api-endpoints/

I believe this will eventually be taken care of but the github api library (ref: hub4j/github-api#1386)

Cheers