Getting error time="2018-04-03T22:55:38Z" level=error msg="cannot authenticate user. GET https://github.corp.X.X/api/v3/user: 401 Bad credentials []"

Anyone seen this? Everything looks fine at our end. I even removed the authorized app and started fresh. still the same error

I’m experiencing the same issue. Did you ever find a solution?

We have a proxy running and I set the environment variables accordingly.
Also, I double checked the redirect url and the url.

still yields “githubenterprisedomain.corp/api/v3/user: 401 Bad credentials []”

Can you provide your Drone server configuration? Drone version information? Can you confirm this is not a super old version of GitHub Enterprise? Did you by chance attempt to set or override the oauth scopes? Is it possible your proxy is stripping or modifying header variables (like the Authorization header)?

It sounds like the redirect worked fine, and that Drone was able to exchange the oauth code (in the redirect url) for an oauth token. This error tells me the subsequent api call to /user (used to get the user account details associated with the oauth token) is failing. This is not a typical issue we encounter, so we will need to triage further.

I can tell you that @ptagr solved the issue, since I know he has an active Drone installation. Perhaps he will remember what he did to resolve the error and can share :slight_smile:

Hello, thanks for you message.

The Github Enterprise Instance is running on 2.11.5 (released November 21, 2017). Maybe this is too old already?
I’m trying to deploy Drone on a on-Premise Kubernetes Cluster through Rancher V2 and this chart.

Drone Version: 0.8.5

Drone Config

  DRONE_ADMIN: <githubenterpriseusername>
  DRONE_DATABASE_DATASOURCE: /var/lib/drone/drone.sqlite
  DRONE_DEBUG: "false"
  DRONE_GITHUB: "true"
  DRONE_GITHUB_URL: https://githubenterprisedomain.intra.corp
  DRONE_OPEN: "true"
  HTTP_PROXY: http://<user>:<pw>@<proxy>:3128
  HTTPS_PROXY:  http://<user>:<pw>@<proxy>:3128
  NO_PROXY: .intra.corp

I’m not sure I can check for whether the proxy is stripping headers. How do I go about that?

Thanks for your help!

This version is fine. GitHub Enterprise support was added in 2015 so any version of GitHub enterprise created in 2015 or later will work.

No clue this is outside my area of expertise and I’m just trying to think of reasons the API request would fail. Proxies and networking always seem to cause weird errors, but they can be difficult to debug and are organization-specific. I guess my question to you is, can you verify the API call is making it to GitHub?

You could perhaps also have your GitHub Enterprise admin check the GitHub Enterprise logs to see if they provide more information.

also have you tried to access the GitHub enterprise API from your server, using your proxy settings, with something like curl to verify connectivity?

HTTP_PROXY: http://<user>:<pw>@<proxy>:3128
HTTPS_PROXY:  http://<user>:<pw>@<proxy>:3128

also is it intentional that the HTTPS_PROXY is routed through an http:// address and not https?


Yes, the http:// on the HTTPS_PROXY is intentional since it seems to be the way the proxy is set up by our org.

 curl -v -H "Authorization: token <personalaccesstoken>" https://githubenterprisedomain.intra.corp/api/v3/user

yields the expected JSON response when executing the curl from the host DroneCI runs. So I would say that connectivity is there.

Still not sure what’s going on - I’ll try to figure out whether the proxy has any role in it.