
Comments (7)

tomasbjerre commented on June 8, 2024

I'm not really sure what you are trying to do. You can configure a token in the plugin for a specific job. That token will need to be supplied when trying to trigger that job.

There is also HMAC verification which is something completely different. Not sure if maybe that is what you want.

from generic-webhook-trigger-plugin.

rchennafi commented on June 8, 2024

@tomasbjerre What I'm saying is when I configure the token it does not work, because GitHub does not call the webhook with any of the accepted ways to authenticate the token.

So yeah, I'm asking for the plugin to support secret keys with GitHub. That happens to be HMAC verification.


tomasbjerre commented on June 8, 2024

"The job also appears configured correctly barring the token, given it triggers if I call the invoke URL manually" what is the exact URL that you trigger?

"does not send a 'token' like the plugin expects" but your supplied pipeline code does not contain any token.

If you are browsing to the trigger URL, you might already be authenticated and that is why the job is found and triggered.

If you add the same URL to GitHub it will not be authenticated and not find any jobs to trigger.

If you configure a token in the plugin, the jobs with that token will be found even if you are not authenticated. So that is one thing to try, try to configure a token and add the URL with token query parameter in GitHub.


rchennafi commented on June 8, 2024

"If you configure a token in the plugin, the jobs with that token will be found even if you are not authenticated. So that is one thing to try, try to configure a token and add the URL with token query parameter in GitHub."

This actually works as a solution here, though not the most ideal as it exposes the token in the repo settings. Feel free to close it. Implementing the GitHub auth scheme would be nice, but it is hardly required.

"does not send a 'token' like the plugin expects" but your supplied pipeline code does not contain any token.
The token is set outside of the pipeline.

"If you are browsing to the trigger URL, you might already be authenticated and that is why the job is found and triggered.
If you add the same URL to GitHub it will not be authenticated and not find any jobs to trigger."

That is correct. I just spoke about that to clarify the setup scheme is actually working.


tomasbjerre commented on June 8, 2024

What is the problem with exposing the token? It can only be used to trigger the job.

If you don't want anyone to be able to trigger the job, you should also use the whitelist feature. https://github.com/jenkinsci/generic-webhook-trigger-plugin?tab=readme-ov-file#whitelist-hosts


rchennafi commented on June 8, 2024

An exposed token is less secure, in any case, not a big deal. Who knows what one may be triggering with that token. Jobs can do just about anything.

"If you don't want anyone to be able to trigger the job, you should also use the whitelist feature."
Not an effective solution when it requires whitelisting all of GitHub's IPs in this situation.


tomasbjerre commented on June 8, 2024

If you let each job have their own token, you will only be able to trigger one job with the token.

You may also want to use the regexp filter when resolving values from the webhook to only allow numbers or whatever you expect them to be.

Also you can whitelist all IPs and use HMAC.

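The difference between the URL token and HMAC verification discussed in this thread, as an added example that is not part of the original comments and not the plugin's own code: GitHub signs the raw request body with the shared secret and sends the result in the `X-Hub-Signature-256` header, so the secret never travels in the URL and a modified body no longer verifies. The secret, payload and function names are constructed for illustration, and the final digit check stands in for the regexp filter suggested in the last comment.

```python
import hashlib
import hmac
import json
import re
from typing import Optional

# Constructed sample values; a real secret comes from a credentials store.
SECRET = b"example-webhook-secret"
BODY = json.dumps({"ref": "refs/heads/main", "number": 42}).encode()


def sign(secret: bytes, body: bytes) -> str:
    """Header value as the sender computes it: HMAC-SHA256 over the raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, body: bytes, header: Optional[str]) -> bool:
    """Accept only if the signature matches the exact bytes received."""
    if not header or not header.startswith("sha256="):
        return False  # missing header or unexpected algorithm prefix
    expected = sign(secret, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), header.encode())


def handle(secret: bytes, body: bytes, header: Optional[str]) -> str:
    """Verify first, then validate the one value the job would consume."""
    if not verify(secret, body, header):
        return "rejected: bad signature"
    number = str(json.loads(body).get("number", ""))
    # Hypothetical allow-list: the job only ever expects a short decimal number.
    if not re.fullmatch(r"[0-9]{1,9}", number):
        return "rejected: unexpected value"
    return f"trigger build for #{number}"


if __name__ == "__main__":
    header = sign(SECRET, BODY)
    print(handle(SECRET, BODY, header))                       # valid delivery
    print(handle(SECRET, BODY.replace(b"42", b"43"), header))  # body altered
    print(handle(SECRET, BODY, None))                          # no signature
```

Verification must run on the raw bytes as received, before any JSON parsing or re-serialization, because a re-encoded body will not match the signature.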
